home

زخرفة الحروف والجمل.exe

WwW.3asfh.NeT

max_mass@hotmail.com

Publisher:
max_mass@hotmail.com

Product:
WwW.3asfh.NeT

Version:
1.00

MD5:
ac1d20ac0f7b29d7f9a3ff23dd06b01d

SHA-1:
17da0b83c2ccfac863449c8182d42d0063df64af

SHA-256:
216ad5e7a4c3defde68c49800342ba097ea155bc68dca82e4c5dd1e8ef7c4cf7

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/18/2024 3:10:07 AM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Adware.Agent.NUA
8.13.12.26.03

File size:
76 KB (77,824 bytes)

Product version:
1.00

Original file name:
!!NiCe-BoY!!-.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\?????? ????? ?????? ??????\????? ?????? ??????.exe

File PE Metadata
Compilation timestamp:
5/19/2006 9:28:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:/TSZF1hJq88sfYx/fxCNhphwZi16NXjXqZLVhOKEYmeORs2bPFWtv9zRZuc9JSF/:/GZF2sg/CDKi1qTWCEavCVeqIFF

Entry address:
0x21EC

Entry point:
68, CC, 2E, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 98, 16, 78, 5A, C8, FE, E8, 4F, A6, 28, 73, 75, 2E, 91, 9C, A5, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 22, DC, C4, 22, 0D, 0A, 46, 6F, 6E, 74, 5F, 54, 72, 61, 6E, 73, 66, 6F, 72, 6D, 65, 72, 00, 20, 63, 20, 3D, 20, 22, ED, 00, 00, 00, 00, FF, CC, 31, 00, 11, DF, ED, BB, D7, FA, B3, 01, 43, A7, 82, 6F, 80, DD, 48, 8F, C1, 0A, A5, 05, E0, 00, AD, 61, 47, 89, 54, 99, 0B, 1B, 95, 01, 73, 3A, 4F, AD...
 
[+]

Entropy:
4.8507

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
64 KB (65,536 bytes)

The file زخرفة الحروف والجمل.exe has been seen being distributed by the following URL.

http://fileshare1250.depositfiles.com/auth-1463435557c62bb8b7ee8bcb544ac7b2-95.159.72.73-2565382719-130958166-guest/.../????? ?????? ?????.exe

Scan زخرفة الحروف والجمل.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.