home

thunder.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from hezuo.down.xunlei.com.
MD5:
558f65c87f0facdb1ce614b0cb4b9e61

SHA-1:
7a772966f76a701ef1c0f92090608da29b426e84

SHA-256:
493f9fb176357d90d92c0f5273715834c2ef547c2e9e954da13c862cb34ca02a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 10:39:18 AM UTC  (today)

File size:
622.3 KB (637,214 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\thunder.exe

File PE Metadata
Compilation timestamp:
5/8/2014 10:03:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Yq3t4s6iknka/e7j4gdEquCc6wY9+YalV6+JTAYKgys+hoSzm3Oi9:Yq9j65ka5quC7wYgV/qYas+npi9

Entry address:
0x12A580

Entry point:
49, 71, CB, 52, C0, 68, A5, BC, 04, 4A, 2B, 2F, 57, 41, 13, C7, AC, 0E, 56, 59, 3A, BD, 40, EF, 4C, 2F, F1, EA, 4B, 7D, FA, 8B, CB, 44, 93, 30, CD, 41, 4A, D9, 8D, 75, 8D, 41, D0, 65, E0, 77, E9, 07, 33, 2C, 57, E6, 58, 0A, 66, 19, 7B, CD, B4, 5B, 4F, 25, 7B, 7E, 94, 14, 36, AB, 5F, 16, 32, 48, B1, A3, 4A, 89, E4, 97, 7C, 46, A0, CD, F6, 06, D0, 1A, ED, 55, 09, 6A, 6D, AC, 89, 10, 13, 63, 6D, EC, 6C, 1D, B6, 25, 2F, A4, 68, AD, D8, B6, A3, C1, EC, B6, 3A, 8B, 67, A4, 56, D5, 9D, 5F, F8, 7B, 5F, DC, FD, 5F...
 
[+]

Entropy:
7.9876  (probably packed)

Code size:
560 KB (573,440 bytes)

The file thunder.exe has been seen being distributed by the following URL.

http://hezuo.down.xunlei.com/xl_hezuo_4/.../thunder(39788).exe

Scan thunder.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.