wnrrv5.21esx86x64.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www16.uptobox.com and multiple other hosts.
MD5:
4df2d64b7b2b827eb503a62e1e838093

SHA-1:
ebda25da2500cbc6ecf69af77d2b943e922ed840

SHA-256:
3cc1dc8e13ed5ea41b6bd9e0b70f190538018fc31435cde7262864802f847da3

Scanner detections:
1 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/29/2024 6:43:47 AM UTC

Scan engine:
Zillya! Antivirus

Detection:
Backdoor.DarkKomet.Win32.27082

Engine version:
2.0.0.2067

File size:
3.7 MB (3,928,041 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wnrrv5.21esx86x64.exe

File PE Metadata
Compilation timestamp:
6/9/2012 10:19:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:Lb8DaUpzAg4Ty++9nIW0cKOocq9uq4UsS:LnUXBXIW0Qmuje

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Entropy:
7.9957 (probably packed)

Code size:
73 KB (74,752 bytes)

The file wnrrv5.21esx86x64.exe has been seen being distributed by the following 36 URLs.


Scan wnrrv5.21esx86x64.exe - Powered by Reason Core Security