home

sub rosa.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from crypticsea.com.
MD5:
a935c37696f89839c5db430d175e1d46

SHA-1:
a8c893c507bbcb9f5c3b6789dc23506320bd25cf

SHA-256:
40917dd1beff150f913bf3712142570befc193f26e302fa76ef866b473d3cf4f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/8/2024 2:57:43 AM UTC  (today)

File size:
2.7 MB (2,833,737 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\sub rosa.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:5D26HnTlF1Q9r/Oe+yAW/yMFvsjNPSmeclaof6I0p1n8pNegfC2IVxRRHY5rTYy:5CUTlL2/O2X/fFv+NKnBofd6SqDYFky

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 14, AC, 43, 41, 8E, D5, 9A, D7, B5, 2B, 01, 00, 00, C0, 03, 00, 18, 00, 00, 00, 73, 75, 62, 72, 6F, 73, 61, 30, 37, 62, 2F, 64, 65, 64, 69, 63, 61, 74, 65, 64, 2E, 65, 78, 65, EC, 5C, 7F, 74, 5B, F5, 75, 7F, D2, 93, 6C, 25, 91, 91, 68, 64, 30, 6B, 52, 1C, 9A, 84, B4, F3, 52, DA, 84, B3, EC, 98, 10, 27, E4, 15, D8, A2, 4D, F6, 22, 1A, D2, 84, 25, C4, 80, ED, 04, 92, 32, 6B, 50, 1A, 51, 4B, B2, 53, BF, BC, 88, D9, 5D, DA, A5, 34, DB, 0C, 31, E0, 33, CC, 92, 43, D9, 8E...
 
[+]

Entropy:
7.9985  (probably packed)

The file sub rosa.exe has been seen being distributed by the following URL.

http://crypticsea.com/.../subrosa07b.zip

Scan sub rosa.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.