home

t.exe

Salung International Corporation

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Microsoft Windows Manager’. The file has been seen being downloaded from carpenti.com and multiple other hosts.
Publisher:
Salung International Corporation  (signed and verified)

MD5:
edaf8ce53d4919c52e422c7ce7242738

SHA-1:
dd81a7b57ba6d972263196a50b2a4421374474cd

SHA-256:
abe712d28d9a9fe3823c8fd87d905d58d4e6140742493767a8e027d6a02f943a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:01:15 PM UTC  (today)

File size:
273.5 KB (280,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\t.exe

Digital Signature
Signed by:
Salung International Corporation

Authority:
Salung International Corporation

Valid from:
6/25/2016 6:45:36 AM

Valid to:
6/26/2026 6:45:36 AM

Subject:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Issuer:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Serial number:
00866E0A24F3686932

File PE Metadata
Compilation timestamp:
6/26/2016 2:14:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:oVaNeAzllpppppppp77pICQRy3+q1Fufs4qPTHiDn5riZy9Nt1kc8G5LBsh1DrfV:lNewlFpICQRPflNDn5bnnRsDvIRd6M2d

Entry address:
0x1524E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
80 KB (81,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsoft Windows Manager

Command:
C:\users\camilo26\m-5050450250102304050603040\winmgr.exe


The file t.exe has been seen being distributed by the following 2 URLs.

http://carpenti.com/.../t.exe

http://hid2s.com/.../ttt.exe

Scan t.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.