Windows.exe

Windows

This is a setup program which is used to install the application. The file has been seen being downloaded from rgho.st.
Publisher:
Windows

Product:
Windows

Version:
1.0.0.0

MD5:
e8464a3e7573a0839e75ca802028d179

SHA-1:
20fe353af415925ecec3a8e98e13c322c3681317

SHA-256:
d075ea23f9507e3d88e6d02a3f41c2bc8f47fffd47345de0560b903b4f96da5c

Scanner detections:
3 / 68

Status:
Clean (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
11/24/2024 1:41:18 AM UTC  (today)

Scan engine | Detection | Engine version
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.1674
IKARUS anti.virus | Trojan.Win32.Fsysna | t3scan.2.0.9.0
Qihoo 360 Security | HEUR/QVM41.1.0000.Malware.Gen | 1.0.0.1120

File size:
6.2 MB (6,544,800 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Windows.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\windows.exe

File PE Metadata
Compilation timestamp:
5/15/2016 6:27:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:aMCLDj2mCrNw3L5VXfLMiw7AtdG60/cVlB4ukFZEop1YsVS4B/4b/cb/FAp:aMiYW73UFZEoAsVG

Entry address:
0x38E47

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
220 KB (225,280 bytes)

The file Windows.exe has been seen being distributed by the following URL.
