portable coreldraw x5.exe

Corel Graphics Applications

Blog do Birungueta

This is a setup program which is used to install the application. The file has been seen being downloaded from mega.nz and multiple other hosts.

Publisher:
Blog do Birungueta

Product:
Corel Graphics Applications

Description:
www.birungueta.blogspot.com

Version:
15.0.0.486

MD5:
d17414efa2dd345c427c3762d9a3f841

SHA-1:
fd6f4bd72f9d2a9bcec4a24611931f1f680090c8

SHA-256:
08b7ccea1ed5f69de708535a252fc9a7b0fb5842f43bbbb06395739a8bb9d84a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 4:40:36 AM UTC

File size:
209.2 MB (219,384,547 bytes)

Product version:
15.0.0.486

Copyright:
Copyright(c) 2010 Corel Corporation

Trademarks:
Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Cor

Original file name:
CorelDrw.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cordporx5v15486\portable coreldraw x5.exe

File PE Metadata
OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3145728:VNsXrDqe2FlyqGv6w+ROpzJU+e7y9MdY2V8sfXjxoMmmCSfyUNFd0xfyKEZCVkdG:AXrD29GCwEOnXeUGksf+g9yMpKEs7

Entry address:
0x419F

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, F4, 0C, 00, 00, 53, 56, 57, E8, 82, FB, FF, FF, 8B, 35, 0C, F0, 43, 00, FF, D6, 83, E0, 11, BB, 10, 50, 40, 00, 3D, 11, 01, 00, 00, 0F, 84, 21, 04, 00, 00, FF, D6, A3, 0C, 50, 40, 00, E8, 4D, FC, FF, FF, 8B, C8, 2B, 0D, 0C, 50, 40, 00, 6A, 03, 33, D2, 8B, C1, 5E, F7, F6, F7, C1, 00, 80, FF, FF, 0F, 85, A9, 02, 00, 00, 33, C0, 33, FF, 89, BC, 24, E4, 08, 00, 00, 66, 89, 84, 24, D0, 04, 00, 00, 89, BC, 24, CC, 04, 00, 00, 66, 89, 84, 24, B8, 00, 00, 00, E8, 09, FC, FF, FF, 8B...
 

Entropy:
7.9997

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
15.5 KB (15,872 bytes)

The file portable coreldraw x5.exe has been seen being distributed by the following 6 URLs.

https://mega.nz/temporary/.../JFAgyBrR

https://www.dropbox.com/pri/.../CorelDrawX5Portable.exe

temp:Corel Draw X5 Portable.exe
