reciboban...online.exe

Open Doc

This is a setup program which is used to install the application. The file has been seen being downloaded from c103.pcloud.com.
Publisher:
Open Doc

Product:
Open Doc

Version:
12.21.34.32

MD5:
593c3e8ba4f7e142661a86d9b75304b9

SHA-1:
fae1280cf97dfdbc2179a792e2953e72cf878f3d

SHA-256:
78a81d6ca8b8f275cf807c0e13a4b91ede109adcfc0a86333187a28f02c3bb3f

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 7:09:40 AM UTC

Scan engine:
ESET NOD32

Detection:
Win32/Bandok.NAS trojan

Engine version:
8.0.319.0

File size:
956.2 KB (979,187 bytes)

Product version:
12.21.34.32

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\reciboban...online.exe

File PE Metadata
Compilation timestamp:
7/12/2016 12:05:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:rH21R4BhdRuDa/lKL4+2fdicFVCejP3S86tEhGecRMT0F1Z:rg48L4+2jV9PS86tEhGecRMAFX

Entry address:
0x92980

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 0C, 19, 49, 00, E8, 8D, 3D, F7, FF, 33, D2, 55, 68, C7, 29, 49, 00, 64, FF, 32, 64, 89, 22, 33, C9, B2, 01, A1, D8, D4, 48, 00, E8, 59, B4, FF, FF, 33, C9, B2, 01, A1, 5C, FA, 48, 00, E8, 0B, E4, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, 90, 15, F7, FF, E8, 9B, 19, F7, FF, B2, 01, A1, CC, 26, 41, 00, E8, 6F, 10, F7, FF, 33, C9, B2, 01, A1, E8, 9B, 44, 00, E8, 45, A1, FB, FF, 8B, D8, BA, 5C, 2A, 49, 00, 8B, C3, E8, 0B, 54, FA, FF, 33, C0, 55, 68, 18, 2A, 49...

Developed / compiled with:
Microsoft Visual C++

Code size:
582 KB (595,968 bytes)

The file reciboban...online.exe has been seen being distributed by the following URL.
