home

tti_7.0_he_downloader.exe

MD5:
2157fb34233c1bcbce05b9d076458625

SHA-1:
0e34d9619eb60fd4f6e495502bb6e471dbeb2994

SHA-256:
52cc8e12aa89bae052f203f92939a30073c49d0273a0ded33f00fe5f5cb95553

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 6:44:13 AM UTC  (today)

File size:
6.3 MB (6,617,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tti_7.0_he_downloader.exe

File PE Metadata
Compilation timestamp:
7/23/2013 6:45:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:RVSI7Ii550NsPzJUfV89XWko2e9agy7hOEdiUyA61dew8e:RcI7r5Cq2igkXDOTUyv1ME

Entry address:
0x76353

Entry point:
77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF, 80, 00, 00, 00, 4A, 75, A3, 85, C9, 74, 4F, 8B, D1, C1, EA, 04, 85, D2, 74, 17, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 7F, 07, 8D, 76, 10, 8D, 7F, 10, 4A, 75, EF, 83, E1, 0F, 74, 2A, 8B, C1, C1, E9, 02, 74, 0D, 8B, 16, 89, 17, 8D, 76, 04, 8D, 7F, 04, 49, 75, F3, 8B, C8, 83, E1, 03, 74, 0F, 8A, 06, 88, 07, 46, 47, 49, 75, F7, 8D, 9B, 00, 00, 00, 00, 58, 5E, 5F, C3, 8D, A4, 24, 00, 00, 00, 00, EB, 03, CC, CC, CC, BA, 10, 00, 00, 00, 2B, D0...
 
[+]

Entropy:
7.0575

Code size:
605 KB (619,520 bytes)

The file tti_7.0_he_downloader.exe has been seen being distributed by the following URL.

http://wgtot25.digitalriver.com/wgt/9B5A4FCEF11DA80C/171F14235882A3D34841170D5B9DEF7BB4812F5728912FFB2B6D2983E0AD920D371DE80E8D32F26542550B988D111E26F004748D1E06EB958733672FB1D4B2033A883DDC2125E85C07A27641949D8AA58F5DC70B1E40C906/.../TTi_7.0_HE_Downloader.exe

Scan tti_7.0_he_downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.