windowsfile5690566803994868086.exe

lD9SfX

Daniel Atallah

Publisher:
fYjLay  (signed by Daniel Atallah)

Product:
lD9SfX

Description:
3G4xGk

Version:
64.54.46.25

MD5:
fcd752a43d37fbe38784a3bfedce14cd

SHA-1:
70e49be0a583e6d166f64864df7666f43b465424

SHA-256:
bdbe50e4d0e3b57fc199b4e648a13ce93f03ea8c74768b56a468ac071771139e

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 4:44:13 PM UTC  (today)

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Kryptik.GGI trojan | 8.0.319.0
Microsoft Security Essentials | Threat.Undefined | 1.223.1545.0

File size:
332.6 KB (340,560 bytes)

Product version:
64.54.46.25

Copyright:
WVL7wb

Original file name:
duck.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\local\temp\windowsfile5690566803994868086.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
9/11/2014 7:36:56 AM

Valid to:
9/11/2016 8:37:54 AM

Subject:
E=datallah@pidgin.im, CN=Daniel Atallah, L=Holland, S=Michigan, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
1015

File PE Metadata
Compilation timestamp:
5/31/2016 8:46:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:64PrStaki8arotieb5NHXqEuBx9Hp07jNBLgATV1MtyrwdaJJ:bPlf8aAie1N3bu79J0tTVNrcoJ

Entry address:
0x4256E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
257.5 KB (263,680 bytes)

Scan windowsfile5690566803994868086.exe - Powered by Reason Core Security