home

up.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s.dropcanvas.com.
MD5:
4caba4c98e3238dd490fb26d45678b78

SHA-1:
597d384c79bd296868b8dd2b5840da747527ccb8

SHA-256:
2534ff9828d6d4a7e04a4d2542eb201b9d3f4b79c5e39c98309a050cbe2ab7c6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/13/2025 8:40:36 AM UTC  (today)

File size:
285 KB (291,842 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\up.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:ypWw5hV0RBFlJVPeuJ0b0GO8JkVZUUFw5HaDUqPrNdTUiIcZNO+:oRkrPD0wGO8J0JwPqPRdTUi9k+

Entry point:
67, 70, BA, 2A, 29, 2A, 2A, 2A, 2E, 2A, 2A, 2A, D5, D5, 2A, 2A, 92, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 6A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, 2A, D2, 2A, 2A, 2A, 24, 35, 90, 24, 2A, 9E, 23, E7, 0B, 92, 2B, 66, E7, 0B, 7E, 42, 43, 59, 0A, 5A, 58, 45, 4D, 58, 4B, 47, 0A, 49, 4B, 44, 44, 45, 5E, 0A, 48, 4F, 0A, 58, 5F, 44, 0A, 43, 44, 0A, 6E, 65, 79, 0A, 47, 45, 4E, 4F, 04, 27, 27, 20, 0E, 2A, 2A, 2A, 2A, 2A, 2A, 2A...
 
[+]

Entropy:
7.8284  (probably packed)

The file up.exe has been seen being distributed by the following URL.

http://s.dropcanvas.com/1000000/684000/.../up.exe

Scan up.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.