home

a1_1 - phenjawan promsri.exe

MD5:
65fc8afe69c7cdc05f388a42647fa3df

SHA-1:
649ee845fccbf17b45f524e097807c579053dfd8

SHA-256:
56be1cdc19e1cc14c6362c7ef837ebe1967beaa6fc67ecfdbb0b52ef4a4555df

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 1:07:24 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Ramnit.A
7.11.30.172

File size:
126.8 KB (129,815 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\a1_1 - phenjawan promsri.exe

File PE Metadata
Compilation timestamp:
1/19/2016 11:16:26 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
1536:E6OpBG2wKWFdmPdmD4NzeNLwnAQzPO3Yv2TWeQYaMzPz2UvMWHnsX90iUVkbI9dI:E6OpB/WN4YNgGoKdQYa2uekmqD39

Entry address:
0x14D0

Entry point:
48, 83, EC, 28, C7, 05, 72, 5B, 00, 00, 00, 00, 00, 00, E8, 1D, 10, 00, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 55, 48, 89, E5, 48, 83, EC, 50, E8, E3, 0F, 00, 00, B9, 00, 00, 00, 00, E8, 81, 18, 00, 00, 89, C1, E8, 82, 18, 00, 00, 48, 8D, 0D, EB, 2A, 00, 00, E8, 7E, 18, 00, 00, C7, 45, FC, 00, 00, 00, 00, EB, 48, E8, 78, 18, 00, 00, 89, C1, BA, 1F, 85, EB, 51, 89, C8, F7, EA, C1, FA, 05, 89, C8, C1, F8, 1F, 29, C2, 89, D0, 6B, C0, 64, 29, C1, 89, C8, 8B, 55, FC, 48, 63, D2, 89, 44, 95, D0...
 
[+]

Entropy:
5.1583

Code size:
8 KB (8,192 bytes)

The file a1_1 - phenjawan promsri.exe has been seen being distributed by the following URL.

https://docs.google.com/a/.../uc?authuser=0&id=0B521DSoP5NJoWGY1dFY3QzlhSjQ&export=download

Scan a1_1 - phenjawan promsri.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.