pyrun.exe

MD5:
4178f550805e6a33cce039cd51221100

SHA-1:
c1cba07d30b300648338364392dd450caab9ca20

SHA-256:
5c00e7c62e6a1bcd3afb63ee56fe7f3d5edff56a513981ac90ef6b0c9c7cc2e2

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/28/2024 12:49:42 AM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0209

Engine version:
7.2.50

File size:
55.5 KB (56,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pyrun.exe

File PE Metadata
Compilation timestamp:
2/1/2014 8:29:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
768:2O4wCArLUQ4C+1i2m94KuioNOEQZ9ZWjMzZaYcDT62NefWPi86mq0r+3:ZHx4W1uioNOEmZWsafDTFefWqxmqx

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 34, 50, 40, 00, 01, 00, 00, 00, E8, 2E, 0E, 00, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 34, 50, 40, 00, 00, 00, 00, 00, E8, 0E, 0E, 00, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, A1, 2C, 30, 40, 00, 85, C0, 74, 43, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 40, 40, 00, FF, 15, 98, 61, 40, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 16, C7, 44, 24, 04, 0E, 40, 40, 00, 89, 04, 24, FF, 15, 9C, 61, 40, 00, 83, EC, 08, 89, C2, 85, D2...
Entropy:
5.9775

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vanilla.canonical.com  (91.189.88.22:80)

TCP (HTTP):
Connects to pyracantha.canonical.com  (91.189.92.163:80)

TCP (HTTP):
Connects to jogah.canonical.com  (91.189.92.151:80)

Scan pyrun.exe - Powered by Reason Core Security