home

79minutes-hand.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from mg.mail.yahoo.com and multiple other hosts.
MD5:
a36c48d5a995898cdf21df5ac7b97808

SHA-1:
2f8d9c513005f67b7defa890039f632cfe0b4612

SHA-256:
31438f072d2790dd143f98daa7c2f79aeb89c2d5e35c02864123ace659c4182d

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 9:14:11 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Small.L
7.11.30.172

File size:
1 MB (1,095,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\79minutes-hand.exe

File PE Metadata
Compilation timestamp:
5/13/2009 1:38:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:m3NTquOVQA0Aj+n048zcTa6oZA2L6JOfJA9aAbFlQaHdAu8yv5:AT1FAU0HwTdo25sAbF6k+u8Q

Entry address:
0x1D56

Entry point:
6A, 01, FF, 15, 10, 70, 40, 00, 50, 6A, 00, 6A, 00, FF, 15, 14, 70, 40, 00, 50, E8, 27, FC, FF, FF, 50, FF, 15, 18, 70, 40, 00, CC, 55, 8B, EC, 8B, 4D, 0C, 56, 57, 8B, 7D, 08, 0F, B7, F7, C1, EF, 10, 85, C9, 75, 08, 33, C0, 40, E9, F1, 00, 00, 00, 83, 7D, 10, 00, 0F, 86, E0, 00, 00, 00, 53, BA, B0, 15, 00, 00, 39, 55, 10, 73, 03, 8B, 55, 10, 29, 55, 10, 83, FA, 10, 0F, 8C, 95, 00, 00, 00, 8B, C2, C1, E8, 04, 8B, D8, 6B, DB, F0, 03, D3, 0F, B6, 19, 03, F3, 0F, B6, 59, 01, 03, FE, 03, F3, 0F, B6, 59, 02, 03...
 
[+]

Entropy:
7.8877

Packer / compiler:
FASM v1.3x

Code size:
24 KB (24,576 bytes)

The file 79minutes-hand.exe has been seen being distributed by the following 2 URLs.

https://mg.mail.yahoo.com/ya/.../VTzWkQzJcBqRhPA&fid=new puzzles&pid=2&clean=0&appid=YahooMailNeo&ymreqid=5ae27863-9f73-a4ba-0172-6c00a8010000

https://mg.mail.yahoo.com/ya/.../VTzWkQzJcBqRhPA&fid=new puzzles&pid=2&clean=0&appid=YahooMailNeo&ymreqid=5ae27863-9f73-a4ba-0172-6c0018010000

Scan 79minutes-hand.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.