home

start menu gui.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s6393.chomikuj.pl and multiple other hosts.
Version:
1.0.97.02

MD5:
8c2a5ef731a4eb46646a5019244cea51

SHA-1:
fee6d24962780bb5bf38d651a3e29435506b82c7

SHA-256:
d7bdcca143ce35987af9eb9b5f6835140a578183fc8646251f6c5c8fe3d88419

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 9:33:32 AM UTC  (today)

File size:
1012.8 KB (1,037,090 bytes)

Product version:
1.0.97.02

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
4/14/2011 2:57:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ksqyeG8mnEQqfMl8Xkw+fDA3BPqQ54a4z7WUzTp:d8G8rQ7lukhfDA3BPMtKOp

Entry address:
0x7BDB0

Entry point:
E8, 60, 66, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 18, E8, DD, 1F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 80, 1F, 00, 00, 83, C8, FF, E9, 65, 01, 00, 00, 56, 57, E8, 91, 4C, 00, 00, 8B, F0, 59, 89, 75, F8, 39, 5F, 04, 7D, 03, 89, 5F, 04, 6A, 01, 53, 56, E8, 22, 67, 00, 00, 83, C4, 0C, 89, 45, FC, 3B, C3, 0F, 8C, FB, 00, 00, 00, 8B, 57, 0C, F7, C2, 08, 01, 00, 00, 75, 08, 2B, 47, 04, E9, 25, 01, 00, 00, 8B, 07, 8B, 4F, 08, 8B, D8, 2B, D9, 89, 5D, F4...
 
[+]

Code size:
548.5 KB (561,664 bytes)

The file start menu gui.exe has been seen being distributed by the following 3 URLs.

http://s6393.chomikuj.pl/File.aspx?e=NcTYLeGrbBi6jCng7hJR7NBDetixteboNyUbLJXZL7D5LGS-aSP4Id_Gom1BInRyDkRV1zHsxFSKjZPEVYoCNqGcmftUk4zcPBLWcT7FPshBa0jS7BNNVH0hBdvWt_rvvuamHgFjNMynSwsgJSFf7Q&pv=2

http://s10185.chomikuj.pl/File.aspx?e=NcTYLeGrbBi6jCng7hJR7L5W0Ew5MJH2bedN4kJ3Wt3QyHwYYriQMw13HgTxmnpdmKnCxAKuK1uSCqffXjD5YwqKT2MkjnHWzKUyF8J9JJ0yrUg2qvFJtaRWVFL5w0bFtRuihffrXx9vPzbt5jHOxA&pv=2

http://download1804.mediafire.com/bpeb6w5p23ug/.../Start Menu GUI.exe

Scan start menu gui.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.