windows printers.exe

The executable windows printers.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from veevasystems.egnyte.com.
MD5:
c3e51e0206f542d369887838888da1e8

SHA-1:
7250a24302568ac914e0b7728378214467f0cde8

SHA-256:
6d919d56a8ceb2965e98700541a3ad760a5d8acf3153137f7e771b6a52dcdca5

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 3:17:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.7.19.17

File size:
117 KB (119,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows printers.exe

File PE Metadata
Compilation timestamp:
6/15/2015 9:06:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.50

CTPH (ssdeep):
1536:o1Tzy48untU8fOMEI3jyYfPijChUTsGLYXytkS+PzkpOi:CzltUeOsajC2TsMYXyGPzk3

Entry address:
0x1000

Entry point:
68, 00, 01, 00, 00, 68, 00, 00, 00, 00, 68, D8, E3, 40, 00, E8, 5C, 30, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 55, 30, 00, 00, A3, DC, E3, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 42, 30, 00, 00, A3, D8, E3, 40, 00, E8, BC, 2F, 00, 00, E8, C7, 9A, 00, 00, E8, 6E, 99, 00, 00, E8, 90, 7E, 00, 00, E8, BB, 79, 00, 00, E8, 63, 73, 00, 00, E8, E7, 6F, 00, 00, E8, 29, 6E, 00, 00, E8, 06, 6E, 00, 00, E8, 78, 6D, 00, 00, E8, DB, 64, 00, 00, E8, 05, 55, 00, 00, E8, 11, 47, 00, 00...
 

Entropy:
6.0622

Packer / compiler:
PKLITE32, 0x1.1

Code size:
41.5 KB (42,496 bytes)

The file windows printers.exe has been seen being distributed by the following URL.
