precheck.exe

The application precheck.exe is flagged as a potentially unwanted program (adware) by 8 of the 68 anti-malware scanners used. The file has been observed being downloaded from bamba.theplaora.com.
MD5:
2c0838ad76e39338fed6e5725baf3cf4

SHA-1:
1be0e48cefd5d1f2a4474a4e476f1fa1dae8f263

SHA-256:
fe27a561ed1d78157516e39d4ba31ea815323a05917984e8a7dd68bcbdaefe72

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:30:46 AM UTC

Scan engine             Detection                          Engine version
Lavasoft Ad-Aware       Gen:Variant.Graftor.177544         705
Baidu Antivirus         Adware.Win32.PicColor              4.0.3.1531
Bitdefender             Gen:Variant.Graftor.177544         1.0.20.300
Emsisoft Anti-Malware   Gen:Variant.Graftor.177544         8.15.03.01.03
ESET NOD32              Win32/Adware.PicColor (variant)    9.11250
F-Secure                Gen:Variant.Graftor.177544         11.2015-01-03_1
G Data                  Gen:Variant.Graftor.177544         15.3.25
MicroWorld eScan        Gen:Variant.Graftor.177544         16.0.0.180

File size:
295 KB (302,080 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\precheck.exe

File PE Metadata
Compilation timestamp:
3/1/2015 3:31:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:nLiricmwMqu4yiznL4j5Lvrtp5T4Hdu/3MB81/nblwEOrGQrwdV5wREeVjn+jLBg:nLiOD1i/4j53hN3083tgrwdyTtl9qnI

Entry address:
0xE430

Entry point:
E8, 2B, 71, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, 57, E8, 73, 4A, 00, 00, 8B, F8, 89, 7E, 08, 8B, 57, 6C, 89, 16, 8B, 4F, 68, 89, 4E, 04, 3B, 15, 14, 7D, 44, 00, 74, 11, A1, D0, 7D, 44, 00, 85, 47, 70, 75, 07, E8, FD, 74, 00, 00, 89, 06, 8B, 46, 04, 5F, 3B, 05, B4, 7A, 44, 00, 74, 15, 8B, 4E, 08, A1, D0, 7D, 44, 00, 85, 41, 70, 75, 08, E8, 5F, 78, 00, 00, 89, 46, 04, 8B, 4E, 08, 8B, 41, 70, A8, 02, 75, 16, 83, C8, 02, 89, 41, 70, C6, 46, 0C, 01, EB...

Entropy:
6.4422

Code size:
220.5 KB (225,792 bytes)

The file precheck.exe has been seen being distributed by the following URL.

Remove precheck.exe - Powered by Reason Core Security