home

ref40716.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from ddl3.data.hu.
MD5:
93e2445c99eb1481ec0d8d97cac29d8e

SHA-1:
5ae697087f1068462feba0cb57262b7096c52f09

SHA-256:
85d308a3f85c762bf10d824f3c49d038ca3110f4cc661a9dde5a0ff8fde4326d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 3:15:27 PM UTC  (today)

File size:
198.2 KB (203,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ref40716.exe

File PE Metadata
Compilation timestamp:
7/3/2016 11:37:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:539B3fI3b3N3fOou/2V/en6KUmrBb/b963WhpE55A19joAk7v:YuuVGvbb9i265u19joAUv

Entry address:
0x1254

Entry point:
68, 90, 63, 4B, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 25, 46, AA, 31, C7, 45, C7, 41, 88, 6E, 20, 0B, CE, 62, 7E, 36, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 65, 69, 67, 68, 74, 20, 45, 70, 69, 70, 68, 79, 74, 65, 73, 34, 00, 20, 20, 33, 35, 32, 00, 00, 00, 00, FF, CC, 31, 00, 01, 63, 28, 6D, 33, 94, 68, AE, 4B, A5, C8, 84, 69, 71, 6E, 3B, EA, 05, A5, CC, 61, C4, 49, CD, 41, A2, F8, 83, D3, 28, 87, D0, 47, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
7.6746

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
760 KB (778,240 bytes)

The file ref40716.exe has been seen being distributed by the following URL.

http://ddl3.data.hu/get/0/.../ref40716.exe

Scan ref40716.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.