pricora-us.exe

Nhddcsg

Agcsnaqd

The application pricora-us.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from softs.illyx.com.
Publisher:
Agcsnaqd

Product:
Nhddcsg

Description:
Wfvubk

Version:
1.1.1.1

MD5:
1cf593553f5b14ec993125f146d35d72

SHA-1:
8c657318b348da683e0772799195a4669632e84b

SHA-256:
9ac37f231c8b0d5bafbe1aec1f10b77be085b7cf4bb007c89a91187a2c29bcf0

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 6:06:47 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Heur.Suspicious
16915

ESET NOD32
Win32/Packed.ScrambleWrapper
7.8783

Reason Heuristics
PUP.Win.Reputation
16.1.15.12

Trend Micro House Call
TROJ_GEN.F47V0810
7.2.358

File size:
5.3 MB (5,536,313 bytes)

Copyright:
Lwapv

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pricora-us.exe

File PE Metadata
Compilation timestamp:
2/19/2012 3:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:gcGSQ45Hneae+DZ1/TOlUT5EP/JPBECs2XcJs/cTUha2Bj8psrc6CsnLAzjDmm:gcXT5HealxaB5EvqcCccVKpspPLgjDmm

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file pricora-us.exe has been seen being distributed by the following URL.

Remove pricora-us.exe - Powered by Reason Core Security