release4091us.exe

Ross-Tech, LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from s7338.chomikuj.pl and multiple other hosts.
Publisher:
Ross-Tech, LLC  (signed and verified)

MD5:
3e05bd0a3723555c8b4df5fff8213794

SHA-1:
35dc94e63a04a6d245e4d9a6ae78a2e2635c4ae6

SHA-256:
a91fb14156aab445c36bcbd9188908d72cbec659cc575b567d8cb037c27ab01a

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/26/2024 5:34:13 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PC-Guard
7.1.1

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.14513

File size:
1.3 MB (1,374,592 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/17/2005 1:28:50 PM

Valid to:
3/17/2007 1:28:50 PM

Subject:
L=Lansdale, S=Pennsylvania, C=US, OU=Secure Application Development, O="Ross-Tech, LLC", CN="Ross-Tech, LLC"

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
20FBBC

File PE Metadata
Compilation timestamp:
9/1/2004 12:16:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:Sc4BADOjhbriyOuaUHSZQiXhCbJRjKLx0FevS7ICcacZLUanYZ5+:nghbrighHSZQXRjK10FeEcacK9+

Entry address:
0x21BD0

Entry point:
60, BE, 00, 70, 41, 00, 8D, BE, 00, A0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Entropy:
7.9956

Packer / compiler:
UPX 2.90LZMA]

Code size:
44 KB (45,056 bytes)

The file release4091us.exe has been seen being distributed by the following 16 URLs.

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86TsJU3YkZc--RiZzrWC6m0SKLlqAs7r_MLxTnCcR9TdiMCFE66wFJjs3gvizHJ8JIk7mYz1OYKDWNi9JA--OY_U8MYtElGDBZyOabr-4TZ0hPiTuznnQoypXHX_5iB0GUQ&pv=2

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86SOaYKdQbyLlTo6PJchEB88IZZMpS5xEd6dVvstm4c0FaClabwHmQXxpbydeiOPz5zT-Kbaen1_14n2Z-S9cXjzYYbYM5nyHw_pNfzxlo8Th0NLzJ7xVsR2txjPq-McecA&pv=2

http://s10014.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86e8FyWXJEEasz5oGEY1_U-Q7aayLjn91oDMm800Q1Ewgte8OpJoSMV2bWOc-TmYJ0d8B0po_Au3vnjMSw02NoIEPBSFPvXDGZeVmCTAn1GRIOEPnaXHfvGBaUQOe77iWrRfXO6g8q3yMuKWWEqaYgd4&pv=2

https://archive.org/download/.../KKL409.1.exe

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86XH_GZRdgpUQ9ewkm1usXEL_GwYJII1IAFQAjL3SVuDsblMa5nfyb47YpPZGJCTEFs6FUdP7z2SZOrzJJG17EEWx9SBVp6xXLvrkvS7LFt3jBqGrME8Jv34Jr3Bs3BMXrA&pv=2

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86Sh3vkteS_K4lVqGbucSCj1LyqYQiB1JsP1NJUjTL5QiBY_A09Rmwd72k5HPEqzjTuG_4QtUyXdM9bWXbhrz_w2H4LvU4seeGC-M5EqUj_QTmctFK70M_PBK0AnwQN9JIA&pv=2

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86YjoEoAIS9Xlul1owy2NNQROFxONKwz8ymvVE1NNlnPZRkew-7gLdFFpAJUhJRmPjGEW8nGBFQzQ8y_Iej-N_Wn5E4Er5gw42EADPSfp8ugS4sDhLeyS3tqzMichu6i2XA&pv=2

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86YggxfqfmBoSr9MA7cnzjNDaVPNPfqfhWqJLB9MCFBCc68Yuib38vG_BMAj1vbt6ARfNtwljSma2EeCTZLTf_yanAGh6_BDp_0DB1xxcTWn0-KxppOd8Df15p4DbdlmkIw&pv=2

http://s7338.chomikuj.pl/File.aspx?e=i1INlmb1jjG_fNp4R5c86TsJU3YkZc--RiZzrWC6m0S_vzdidFJqXtPuj0b6Dm85_wIRal343bDMrXJ5ZRMfElheMQn0vXEkzdvoZD74peAYQomkhHghPpqMx8uTxN7tDxc_ZpYcWTdzopOm_Mzn7Q&pv=2

Scan release4091us.exe - Powered by Reason Core Security