home

samtoolbox.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s6534.chomikuj.pl and multiple other hosts.
MD5:
ebdc0bf9001437e8a83beef5652218f1

SHA-1:
4364146e940e2bc407baab12c44a17806ef35b71

SHA-256:
3ce096cfce0a8b967c16c506eaff9cd028b2e0292b0f91e5f3a312d4d96ef5e1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 7:42:56 AM UTC  (today)

File size:
7.7 MB (8,114,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\samtoolbox.exe

File PE Metadata
Compilation timestamp:
3/15/2012 10:11:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
196608:m37MkncXVdoJm8IdRLApeuBC9gFPxotytmfiVM24a9fJMTvY31JCjz/LIKW9INzs:ecQFFgaMTvkHIe7yBLD6KCJsv6tWKFd5

Entry address:
0x12A0

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 90, 2C, BC, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 30, 2D, BC, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, E4, 2C, BC, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 70, A0, 00, E8, F2, 4A, 51, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 70, A0, 00, 89, 04, 24, E8, E5, 4A, 51, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, B0, BB, 00, C7, 04, 24, 00, EB, BA, 00, FF, D0, 8B...
 
[+]

Packer / compiler:
MingWin32

Code size:
6 MB (6,279,168 bytes)

The file samtoolbox.exe has been seen being distributed by the following 2 URLs.

http://s6534.chomikuj.pl/File.aspx?e=hIkpWU7PC4NLUhlVfA_E7IJgqlEUkUqCOG5yVv34_evPeG7A6J_DePulLKw2Y1XYL7D6JZTcrwt0qmf_hEb6qUuzPdyOsBNaeyLZ8RluEboPnAQotoUmMh0Aoo5f3NTwwTj_bTwHusCoHnfX5zLFxQ&pv=2

http://s6534.chomikuj.pl/File.aspx?e=hIkpWU7PC4NLUhlVfA_E7IJgqlEUkUqCOG5yVv34_euXgCFm0gO3rbqYdQXVrlhcSCZKVGIYAdjrhbNeR-IWye0CPD6xbA1G1CXMi0Amij2AMmNoqPr0ZnE_WxpKD2s7aJOGW1M3_h3b3ayF0H_C6g&pv=2

Scan samtoolbox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.