home

soportewo.exe

EjecutaTv

This is a setup program which is used to install the application. The file has been seen being downloaded from www.google.com and multiple other hosts.
Product:
EjecutaTv

Version:
1.0.0.0

MD5:
fbed02c418f6dc0448e3d434a502e36d

SHA-1:
7a55ef47d6870b7d4aed1290d864f58167d75f7c

SHA-256:
67aa283ac72a90cd415223e4ac38cbac6b3676167ac2d2c8dd1a966e03ce7e8c

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/15/2024 2:39:57 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
8.3.2.2

File size:
4.4 MB (4,631,552 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
EjecutaTv.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\soportewo.exe

File PE Metadata
Compilation timestamp:
8/31/2015 11:59:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:OaJ4zgfXd8hRnrrNXfw1tKTMtdVOf+hzn3eOw/gtCMerC+z:XJugft8nrrNXfw1tKTQdAf+hLOBgM

Entry address:
0x4101CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 88, 00, 00, 80, 10, 00, 00, 00, A0, 00, 00, 80, 18, 00, 00, 00, B8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, 00, 02, 00, 00, 00, D0, 00, 00, 80, 03, 00, 00, 00, E8, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.1 MB (4,252,160 bytes)

The file soportewo.exe has been seen being distributed by the following 4 URLs.

https://www.google.com/url?hl=es-419&q=http://www.descargaswo.com/soporteInterno/.../SoporteWO.exe&source=gmail&ust=1484930977960000&usg=AFQjCNGUshSgzTWCUjJrisuTrAGW0rucjA

http://mandrillapp.com/track/click/.../www.descargaswo.com?p=eyJzIjoiQXVnendFU1I4UVAzb1dBdmhhNEFnWEJ5clMwIiwidiI6MSwicCI6IntcInVcIjozMDc2MjE2NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvd3d3LmRlc2Nhcmdhc3dvLmNvbVxcXC9zb3BvcnRlSW50ZXJub1xcXC9yZWN1cnNvc1xcXC9Tb3BvcnRlV08uZXhlXCIsXCJpZFwiOlwiMjM3MGIyZGNmMDI5NDM1NmFlOWM0NWZmYzYwMmNlZmJcIixcInVybF9pZHNcIjpbXCIyZmEwYmExMDk3ZTY5ZDlmMzA0M2U5NGRjZGQyNDcxODA1ZTEzY2Q1XCJdfSJ9

http://www.descargaswo.com/.../1470313011

http://www.descargaswo.com/soporteInterno/.../SoporteWO.exe

Scan soportewo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.