home

unicode_mongolian_fonts_full0.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.itexpert.mn.
MD5:
a75ac126f8924f968700c5887e97e392

SHA-1:
55f179b1ae7be535a5c5fae084dc1676988f348a

SHA-256:
36ca1e0ba2f10eb7605669bbb6e7d16476038a409a2e2643c5f7f1a84842948c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 6:36:08 PM UTC  (today)

File size:
16.6 MB (17,357,760 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\unicode_mongolian_fonts_full0.exe

File PE Metadata
Compilation timestamp:
2/21/2009 11:46:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:nlvEokcjeYSoGTgSz0hEoCe2Dp0uv/Tsp58N/9NhC:lVjBScELJDHv/oHK1No

Entry address:
0x30FA

Entry point:
25, 1E, B4, 8F, 1C, C6, C2, 49, 80, DE, D1, 71, 03, 0F, B6, EE, 0F, B6, F4, E8, 23, 00, 00, 00, 81, FA, 30, 8A, 00, 00, 71, 09, 0F, AF, DB, 0F, AF, D0, 0F, AF, F1, 86, F7, 29, FB, 81, ED, 9D, DF, 00, 00, 3B, C7, 81, ED, 08, 05, 00, 00, 5D, 0F, 6E, D5, 88, EB, 0F, C8, 0F, AF, F7, 33, D2, 81, FD, 9D, 32, 00, 00, 74, 04, 89, C8, F6, D1, 0F, 7E, D0, F6, C2, 67, 8D, 2D, 73, 2C, B4, 91, 81, FF, 58, DA, 00, 00, 78, 03, 80, C2, CE, BE, 35, 55, 03, 00, 49, 81, F6, AA, F8, 00, 00, 81, EE, 23, B4, 00, 00, 80, FB, 11...
 
[+]

Entropy:
7.9991  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file unicode_mongolian_fonts_full0.exe has been seen being distributed by the following URL.

http://www.itexpert.mn/Files/.../Unicode_Mongolian_Fonts_full0.exe

Scan unicode_mongolian_fonts_full0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.