wr-joalgoba.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from download1931.mediafire.com and multiple other hosts.
MD5:
0685937b81db91c5908e3658ed957e83

SHA-1:
4b90e9bef8eba5c8e1d880dc0c3261ec7dca00d0

SHA-256:
c0444efbcaa4f3bdf7485789ea2a6679d99d06c4ed3fded09340058c8fc9e490

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 4:45:21 PM UTC  (today)

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Trojan.6328856 | 0.98/21511
K7 AntiVirus | Riskware | 13.212.17996
Trend Micro House Call | PAK_Generic.005 | 7.2.5
Trend Micro | PAK_Generic.005 | 10.465.05

File size:
1.2 MB (1,289,764 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wr-joalgoba.exe

File PE Metadata
Compilation timestamp:
11/1/2004 11:56:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:MeGA0juQWaYOz6+hFS9TomgtxSBUvFQW9e2NTj9DFnwteTIPfakPUFXRccl:7GA0j7WW++XS9cmmxp/e29tFnSeKlP2f

Entry address:
0x37AA0

Entry point:
60, BE, 00, 90, 42, 00, 8D, BE, 00, 80, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
60 KB (61,440 bytes)

The file wr-joalgoba.exe has been seen being distributed by the following 26 URLs.


Scan wr-joalgoba.exe - Powered by Reason Core Security