» simulator.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)

simulator.exe

File name:

simulator.exe

MD5:

8e2d7a17202dbca18804ac7b9063cc32

SHA-1:

1ac04fa597e4712f2213cd8050d4f03db4237957

SHA-256:

f8fbcfe7608d457f5e28c40aca2355ce8d09f5c9aed0f343f869f3766dca2bad

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/5/2024 3:28:19 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Virut.Gen

7.11.30.172

File size:

5.5 MB (5,746,176 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\phoenixrc\simulator.exe

File PE Metadata

Compilation timestamp:

1/6/2016 3:25:30 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:Wh2xm8hY4nmdOUW+BBm/bMfZjiv98OwxqGMoyRWDfFjwpD0ymQHI5RNPQ2mYCPbB:WkxDhY4nwOUDqbMBjiv98OwxqGMoyRWs

Entry address:

0x41BE7C

Entry point:

E8, AC, 34, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 10, 75, 15, E8, 3D, 32, 00, 00, C7, 00, 16, 00, 00, 00, E8, 31, 99, 00, 00, 83, C8, FF, EB, 78, 8B, 4D, 0C, 56, 8B, 75, 08, 85, C9, 74, 19, 85, F6, 75, 15, E8, 19, 32, 00, 00, C7, 00, 16, 00, 00, 00, E8, 0D, 99, 00, 00, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, C8, 77, 03, 89, 4D, E4, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7, 45, EC, 42, 00, 00, 00, FF, 75... 
[+]

Entropy:

6.6622

Code size:

4.4 MB (4,660,736 bytes)

Windows Firewall Allowed Program

Name:

E:\Program Files\PhoenixRC\Simulator.exe

The file simulator.exe has been seen being distributed by the following 2 URLs.

https://doc-0k-ac-docs.googleusercontent.com/docs/securesc/u6ud18j7nt7g9o590lg8hskutev4qaca/cqlcmedgoj0v8sn42li0etcpb939g7dt/1482026400000/08473220900886108539/.../0B9gqb_LFuqffU1E4TTVVRExrbjA?e=download

https://doc-08-5k-docs.googleusercontent.com/docs/securesc/qrlkgeipvfmlohm64doho30k0j14vg13/l9orfic3ubnp5fbiq0gvgcdj7jtcshkp/1462464000000/08473220900886108539/.../0B9gqb_LFuqffU1E4TTVVRExrbjA?e=download

Scan simulator.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.