release4091us.exe

Ross-Tech, LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from s7338.chomikuj.pl and multiple other hosts.
Publisher:
Ross-Tech, LLC  (signed and verified)

MD5:
3e05bd0a3723555c8b4df5fff8213794

SHA-1:
35dc94e63a04a6d245e4d9a6ae78a2e2635c4ae6

SHA-256:
a91fb14156aab445c36bcbd9188908d72cbec659cc575b567d8cb037c27ab01a

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
11/23/2024 8:35:45 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Packed/PC-Guard | 7.1.1
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14513

File size:
1.3 MB (1,374,592 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/17/2005 1:28:50 PM

Valid to:
3/17/2007 1:28:50 PM

Subject:
L=Lansdale, S=Pennsylvania, C=US, OU=Secure Application Development, O="Ross-Tech, LLC", CN="Ross-Tech, LLC"

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
20FBBC

File PE Metadata
Compilation timestamp:
9/1/2004 12:16:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:Sc4BADOjhbriyOuaUHSZQiXhCbJRjKLx0FevS7ICcacZLUanYZ5+:nghbrighHSZQXRjK10FeEcacK9+

Entry address:
0x21BD0

Entry point:
60, BE, 00, 70, 41, 00, 8D, BE, 00, A0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
Entropy:
7.9956

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
44 KB (45,056 bytes)

The file release4091us.exe has been seen being distributed by the following 16 URLs.

Scan release4091us.exe - Powered by Reason Core Security