home

wch6hp0cooe.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from download1662.mediafire.com and multiple other hosts.
MD5:
6b4ee4f386ec30bb68530eb0dc55096b

SHA-1:
6eaf68ec8ec595a8174ad190e5eaed2d58e0990d

SHA-256:
263a08bb2ff1c7ee48632de29e981ac6cb929f7143a42f78cbd256edd103a9cf

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 2:09:19 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.Agent
2014.03.06

Bkav FE
W32.HfsAutoA
1.3.0.4959

McAfee
Artemis!6B4EE4F386EC
5600.7200

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.14304

Trend Micro House Call
TROJ_GEN.F47V0301
7.2.65

File size:
4.7 MB (4,931,076 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wch6hp0cooe.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:q7JNmZAdz6Z8RUxOxSxCBn2+O8Vj20q4nB9cS:qFNMEhUYxNB2+nVK0qOeS

Entry address:
0x52B973

Entry point:
68, 49, 66, B1, 7F, 89, 0C, 24, 66, C7, 04, 24, 2F, 3D, E9, C8, 2D, 3B, 00, C0, 18, 5A, 72, E5, 03, DA, BC, C5, B1, FF, CB, 0A, A3, 3D, 39, 40, 41, 8C, B6, 82, 4B, 31, 19, 01, C9, F5, 44, 2D, A1, 50, 67, 1A, E2, 9E, 7A, 79, 9C, 76, A6, 85, FD, 66, 6E, 0F, 8A, 93, 54, 9F, 18, 6B, C4, 32, AA, 5C, EC, F7, B8, 27, C8, 46, 6A, 2D, 4E, E5, DC, 2A, D5, A8, 6B, 1C, 63, AE, CB, E2, 7A, 13, 8C, 7F, DB, 8F, 69, D5, 36, 4D, D2, BB, EB, 82, 26, 71, 5C, B8, 48, 63, C6, A7, EC, 54, 6D, 71, 08, AC, AA, 4A, 14, D4, A7, 2F...
 
[+]

Entropy:
7.8629  (probably packed)

Code size:
1.5 MB (1,590,784 bytes)

The file wch6hp0cooe.exe has been seen being distributed by the following 2 URLs.

http://download1662.mediafire.com/3g5s4122o1pg/.../rename_me.exe

http://xzone-reactor.com/.../rename_me.exe

Scan wch6hp0cooe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.