home

trimcheck-0.4.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from files.thecybershadow.net.
MD5:
c50d0f0b181f46b9f16989dad83940b6

SHA-1:
7fa23164632bdc20018ced3bf6366f3a9484fd90

SHA-256:
74a73f1dba6ee9f09399cf41c2f6f0b4e57f4a9f9a78544c3d51c355aef7e4bf

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/16/2024 11:34:35 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoB
1.3.0.4613

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.131217

File size:
633 KB (648,220 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\trimcheck-0.4.exe

File PE Metadata
OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
6144:DV5JdJD/eJJlSdgTjjXiB6KDgh8NKwTa3yZQqR0kV6gu+67X3AJaO2M:NdR/bCTXyB6KnNKQKuxV

Entry address:
0x3D680

Entry point:
55, 8B, EC, 64, 8B, 15, 00, 00, 00, 00, 6A, FF, 68, 48, 75, 49, 00, 68, 90, FE, 43, 00, 52, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 50, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, EB, 1D, FF, 75, EC, E8, 03, 2E, 00, 00, 83, C4, 04, C3, 8B, 65, E8, C7, 45, FC, FF, FF, FF, FF, 6A, 01, E8, CE, 2D, 00, 00, E8, FD, 2C, 00, 00, 8B, C4, A3, 74, 1F, 4A, 00, E8, F9, 2E, 00, 00, 6A, 00, FF, 15, D4, 1B, 40, 00, A3, 7C, 1F, 4A, 00, E8, CF, 2E, 00, 00, FF, 15, 80, 1B, 40, 00, A3, 78, 1F, 4A, 00, E8, 13, 22, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
278.5 KB (285,184 bytes)

The file trimcheck-0.4.exe has been seen being distributed by the following URL.

http://files.thecybershadow.net/.../trimcheck-0.4.exe

Scan trimcheck-0.4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.