» winamp501.exe
Overview
Analysis
File Details
Downloads (7)

winamp501.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s6728.chomikuj.pl and multiple other hosts.

File name:

winamp501.exe

MD5:

04857fe08f67987726503d3c5a1ceb9b

SHA-1:

6a6fd09cc4cfce0875a02cc0827cca598b85d0c1

SHA-256:

58feb2d86ec70f5e20cbd7189a55d5d79f3bbdfcd6c5fda368e9d4c16fd85f90

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 12:17:45 PM UTC (today)

File size:

4 MB (4,228,953 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

11/19/2003 3:51:29 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:oKNKqaCe/LQQpxPM3I2bJ+lCulH5xZ7POG268AWIye:TKvQsPA1JwDx5PWV5e

Entry address:

0x429B

Entry point:

83, EC, 10, 53, 55, 56, 57, C7, 44, 24, 14, 60, 91, 40, 00, 33, ED, C6, 44, 24, 13, 20, FF, 15, 2C, 70, 40, 00, 55, FF, 15, 94, 72, 40, 00, BE, 00, 34, 42, 00, BF, 00, 04, 00, 00, 56, 57, A3, 60, C2, 41, 00, FF, 15, D8, 70, 40, 00, E8, 9F, FF, FF, FF, 8B, 1D, A4, 70, 40, 00, 85, C0, 75, 21, 68, FB, 03, 00, 00, 56, FF, 15, D4, 70, 40, 00, 68, 1C, 92, 40, 00, 56, FF, D3, E8, 7C, FF, FF, FF, 85, C0, 0F, 84, 59, 01, 00, 00, BE, E0, B9, 41, 00, 56, FF, 15, 80, 70, 40, 00, 68, 10, 92, 40, 00, 56, E8, 0F, 28, 00... 
[+]

Entropy:

7.9992 (probably packed)

Code size:

24 KB (24,576 bytes)

The file winamp501.exe has been seen being distributed by the following 7 URLs.

http://s6728.chomikuj.pl/File.aspx?e=7zjecUaQzYK4mQn-AA2mjNKogRGVdJcYSdPKkHFPFX-tOOMFSu0fzfmfFF707zuedk1na_Y1j65rZpZ78XC9kXvuoTWD1QXjbHIPReISBYsgqoiSAIAqoUxIt6PF4GTPPBaROq_WfOIPtYIaBwCcNQ&pv=2

http://s10569.chomikuj.pl/File.aspx?e=u53SE6NaTpRHnojth4CHPCwUVU-yacIcYjw_VB5oGYfQ3LybBmra-HkK4tDHuWFmC9TAdSUq5BG2JkTIifu7qiZZLSCS_lwPpm0ilheOdp7lalyx9Ag9OQnbzwY3MgU3VWsc6Ae9Aqpvw8m7FdxBDQ&pv=2

http://s6728.chomikuj.pl/File.aspx?e=u53SE6NaTpRHnojth4CHPLwZshUbA9Jz8bdZMw8RXSmjAlsSIOQ3xZeiAomXwR8hhCpHg3ZkM841CxqV0Tt_HGAtnLtzm_8MeCSLjNZl2LRHQzN3tZKF4-R4Qy2H9W7TmM6e9OOMlu-bfH1Qb3ZUVg&pv=2

http://s10569.chomikuj.pl/File.aspx?e=u53SE6NaTpRHnojth4CHPDE5x67uRWMVR8tYbTRKKZUOy2KYDztcnLxAFZgFPqCf3VMe2PtjDPZ3TbzAu5QnbDd6SPHvjn4N1XbNnT04bAUwaMR-4If3Ym8sCNcMjCopWsL4efRH8nUpIac3vijhbA&pv=2

http://s6728.chomikuj.pl/File.aspx?e=u53SE6NaTpRHnojth4CHPIaQRCy5GpaslBxP6MIeYtxRhZ_UCKYe2km0wIRQAY8ucKm8k0Ehixn4N3EzTnrOEWpgeqeEmEJoLmcJdD3q5CPUnYPjlwTRcJRVmJ814OYtCPBuweqNFoA_bZRBgQMWGQ&pv=2

http://localhost:8080/files/.../winamp501_full.exe

http://s10569.chomikuj.pl/File.aspx?e=u53SE6NaTpRHnojth4CHPLwZshUbA9Jz8bdZMw8RXSkprhMQ613Ioisq2Bc_HNpNSMELuALeZRQHJqxzf7kIXfu2IQu3mN8Kj5sjPDwbyncHjVr1cSiWnLwb87rUrgrak_vxnarIWTUG_mkPcUuO4A&pv=2

Scan winamp501.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.