תוכנת מיקארד חינם.exe

WindowsApplication1

This is a setup program which is used to install the application. The file has been seen being downloaded from f2h.nana10.co.il and multiple other hosts.

Product:
WindowsApplication1

Version:
1.0.0.0

MD5:
2c388c05218125c8f4ef4ed2b4e2d9d7

SHA-1:
4aeb8fc94ba0a4711dcaf5972f94e521e948be61

SHA-256:
dc12704765d6713bbfacbae1af69918b314e7b0260103d910ef49f7b2c89fb9f

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 8:04:37 AM UTC

Scan engine:
IKARUS anti.virus

Detection:
Trojan-Spy.MSIL

Engine version:
t3scan.2.0.3.0

File size:
108.5 KB (111,104 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012

Original file name:
WindowsApplication1.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\תוכנת מיקארד חינם.exe

File PE Metadata
Compilation timestamp:
6/21/2012 10:38:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:LJ4ZPxgXJNxUsyF5GV1TltqxUe4YFvwWB4WvN4Nf2ucWEL4SpF84b2fa:LUPeHxUxETui4vYWv6A4u84b2C

Entry address:
0x1BDCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, 78, E3, 4F, 00, 00, 00, 00, 02, 00, 00, 00, 7C, 00, 00, 00, 1C, C0, 01, 00, 1C, A2, 01, 00, 52, 53, 44, 53, 29, 6C, 87, EF, A5, 8E, E0, 48, B6, 1C, C4, D4, 8A, C3, 2B, 37, 01, 00, 00, 00, 44, 3A, 5C, 4D, 61, 72, 6F, 6D, 5C, D7, AA, D7, 95, D7, 9B, D7, A0, D7, 95, D7, AA, 5C, 57, 69, 6E, 64...
Entropy:
7.6074

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
103.5 KB (105,984 bytes)

The file תוכנת מיקארד חינם.exe has been seen being distributed by the following 14 URLs.

Scan תוכנת מיקארד חינם.exe - Powered by Reason Core Security