home

v10.5_win64_expc.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from iwm.dhe.ibm.com and multiple other hosts.
MD5:
01317e712c5bfc028e1ae92456a886a0

SHA-1:
877c1dd46c96f80e61f1d59c81193f551b6ef3f2

SHA-256:
da992fe079c0067c9f9f8e44fb5bd4aa8206e9fd056d091a225234f6a8094039

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 2:57:34 AM UTC  (today)

File size:
611.8 MB (641,553,034 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\v10.5_win64_expc.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12582912:Vugp2FKPBZfaGXHotv+H8ogN4LhhBjgEpCuhagsa36Cr44+LP3GUg2:VR0FuXHYylgN4LhhBjgADha5ap/k/ng2

Entry point:
50, 4B, 03, 04, 0A, 00, 00, 00, 00, 00, 6C, 30, 96, 47, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 05, 00, 1C, 00, 45, 58, 50, 43, 2F, 55, 54, 09, 00, 03, FC, 2D, 79, 56, FC, 2D, 79, 56, 75, 78, 0B, 00, 01, 04, 90, 01, 00, 00, 04, 91, 01, 00, 00, 50, 4B, 03, 04, 0A, 00, 00, 00, 00, 00, 03, 1B, 96, 47, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0B, 00, 1C, 00, 45, 58, 50, 43, 2F, 69, 6D, 61, 67, 65, 2F, 55, 54, 09, 00, 03, A5, 08, 79, 56, A5, 08, 79, 56, 75, 78, 0B, 00, 01, 04, 90, 01, 00, 00, 04...
 
[+]

Entropy:
7.9991  (probably packed)

The file v10.5_win64_expc.exe has been seen being distributed by the following 2 URLs.

https://iwm.dhe.ibm.com/sdfdl/v2/regs2/db2pmopn/db2_v105/expc/Xa.2/Xb.aA_60_-i7wmrQD18-wh_kLa0tFguKl9yegz_mKXD6jc/Xc.db2_v105/expc/v10.5_win64_expc.exe/Xd./Xf.LPr.D1vk/Xg.8558810/Xi.swg-db2expressc/XY.regsrvs/.../v10.5_win64_expc.exe

https://iwm.dhe.ibm.com/sdfdl/v2/regs2/db2pmopn/db2_v105/expc/Xa.2/Xb.aA_60_-i7wmrQDJ0ZGwoKmoUGNoDiqC2SUN7iZaN1LM/Xc.db2_v105/expc/v10.5_win64_expc.exe/Xd./Xf.LPr.D1vk/Xg.8559834/Xi.swg-db2expressc/XY.regsrvs/.../v10.5_win64_expc.exe

Scan v10.5_win64_expc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.