home

using.exe

MD5:
0f86ffdec189f5892f3ffed4bd1638ea

SHA-1:
1741a1b3ab2c190bc469feaf5681ac8525afb038

SHA-256:
f7613e67e1d61ad0017039f575d4fd1d0fc04c30467dac69f79c4d56d1138c42

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 4:27:30 PM UTC  (today)

File size:
1.8 MB (1,921,805 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\using.exe

File PE Metadata
Compilation timestamp:
5/25/2016 6:20:41 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.24

CTPH (ssdeep):
24576:NSnMdjPDNJyWGAA5omEHl021XUnACI78JsU3Aot+Ec0xMkwd0MzWsR5F:snMdjPDNDGAA5slJ17Pd0MzWsR5F

Entry address:
0x1500

Entry point:
48, 83, EC, 28, 48, 8B, 05, 55, B7, 08, 00, C7, 00, 00, 00, 00, 00, E8, 9A, D2, 00, 00, E8, 95, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 48, 89, E5, 48, 83, EC, 30, E8, 53, D2, 00, 00, 48, 8D, 15, BC, 6A, 08, 00, 48, 8B, 0D, 85, B1, 08, 00, E8, 10, D7, 06, 00, 48, 8B, 15, 89, B1, 08, 00, 48, 89, C1, E8, F1, BD, 04, 00, 48, 8D, 45, FC, 48, 89, C2, 48, 8B, 0D, 33, B1, 08, 00, E8, 1E, 9F, 04, 00, 8B, 45, FC, 83, F8, 0A, 7F, 15, 48, 8D, 15, 93, 6A, 08...
 
[+]

Entropy:
5.5206

Code size:
450.5 KB (461,312 bytes)

The file using.exe has been seen being distributed by the following URL.

https://doc-00-68-docs.googleusercontent.com/docs/securesc/t8lno7tcsp059570pkhsvpnh0mvs3j2q/f9t203smkvb0t3k9kbe8g0npkc9fbhgt/1465401600000/.../14353993694709500350/0B0i12hQX4pZRcm9Ud2l6ejF6bXM?h=08716218212842694116&e=download

Scan using.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.