x86_powershell_injection.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from fs01n3.sendspace.com.
MD5:
378b338edcb0c2cce424d85b13bf2cbe

SHA-1:
79e026684d40b2e05c95e4bd65bb43c48e68315d

SHA-256:
73783be0f9ca3e29ca7dbeea93c1ce74ca4c74f4a7f47727b143e4d9c1579f48

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 1:36:20 PM UTC

File size:
6.5 KB (6,655 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\x86_powershell_injection.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
96:+b6bcZh3JZcZh+dS8hXUnV6lIvmKUPiMKau1Ke/m1L9mytWkfuxW9N1Isl8:gh5Ch4S8yn85SmBMytWkfo2N1r8

Entry point:
70, 6F, 77, 65, 72, 73, 68, 65, 6C, 6C, 20, 2D, 6E, 6F, 70, 20, 2D, 77, 69, 6E, 20, 68, 69, 64, 64, 65, 6E, 20, 2D, 6E, 6F, 6E, 69, 20, 2D, 65, 6E, 63, 20, 4A, 41, 41, 78, 41, 43, 41, 41, 50, 51, 41, 67, 41, 43, 63, 41, 4A, 41, 42, 6A, 41, 43, 41, 41, 50, 51, 41, 67, 41, 43, 63, 41, 4A, 77, 42, 62, 41, 45, 51, 41, 62, 41, 42, 73, 41, 45, 6B, 41, 62, 51, 42, 77, 41, 47, 38, 41, 63, 67, 42, 30, 41, 43, 67, 41, 49, 67, 42, 72, 41, 47, 55, 41, 63, 67, 42, 75, 41, 47, 55, 41, 62, 41, 41, 7A, 41, 44, 49, 41, 4C...
 

The file x86_powershell_injection.exe has been seen being distributed by the following URL.
