home

air939e.exe

Version:
0.0.0.0

MD5:
75ed864ff4a9548f69f8c17c4a89d30f

SHA-1:
32fa92ad59c31d7e04f7b3b7666971017d490fcf

SHA-256:
ab24d3b2cbe1a655252cffdd01d2f3cdac6b9731c07f8e91ce99c23a5892b089

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/5/2024 9:04:06 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/Malware.QVM03.Gen
1.0.0.1015

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
30090

File size:
5.6 MB (5,820,416 bytes)

Product version:
0.0.0.0

Original file name:
hamachi.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\air939e.exe

File PE Metadata
Compilation timestamp:
9/16/2013 4:58:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:6XwsB7J2w/wNtPeXRhGxeOTSHbmJqQdyPr/6JfNu3QcVR4vc/wF1Mn5l9OhZTUrv:6h7J0jTSNr/60jWlysZgrMiktcC7ZijM

Entry address:
0x571DBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6755

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
5.4 MB (5,701,632 bytes)

The file air939e.exe has been seen being distributed by the following 7 URLs.

http://www.capitalvaultsbits.com/Ks61zeHj7DJLS4 2BmG84s_A0ElwISjoXrdCVk5fQULz6znnhnEZ6qTp8ZTo9Rcei9BIn6WXVHO1zt8t4sMmNnVWspTuvhW3HVHZrEfqq0HT8dmm7yZXn3zq2yZAJiojfjbsCeD7ZMur_35NXz1kcLPHDJplAYt59c0YEYi2ecaPjgGjo5bDnl9VVwKJn0GSEIxDGRmcXZTolKWsr25rrqDToV79QQ==-GysAAASacWg9DGmXNFrgkAP2b08SCwyCjbFzFRzNXGPiB3ZGfs5kb9GLc2oK

http://www.capitalvaultsbits.com/ un46a8Oivl PcXSmkwpsOVK7oEGmTjYCpWfDprhyYiwJh4V2wHm9bLFVEVOgI rbFEyaMlul3vRggrM0yB3iRqQtPrGLg3Nrjcct0wgXMHLcDMrj2MOnRZi60gq4Yjg4msANQ5haoqcShsAaPD5p5pxzb_m4JWqmaYMvdkIbh7r_gBjNtyHdkXD1wq7NTT5atyBtRigM8kEhniGt31Oayxt2 Lv g==-GysAAASacWg9DGmXNFrgkAP2b08SCwyCjbFzFRzNXGPiB3ZGfs5kb9GLc2oK

http://www.capitalvaultsbits.com/rZoFJg0Mzm TUU5HQOjpgOK1r_iTDxQx3WpSk0VpST1i64SgLQvhXQgw1ZFNQ4AmSsBy7ophqby5uMMy6ltxrl6lE6ui_WKQ1lNYP_LDJ1wa57ruTFdoj97M849GIsf0ufyk0Y4hipS X_fIXo4RYXNdLNbuZmC6t5qyQIrOFHDQ45SHbc52eHC2WAUZ6q48c K2HKZqeNRFAf9Y2iBgrnHSRwmj1Q==-GysAAASacWg9DGmXNFrgkAP2b08SCwyCjbFzFRzNXGPiB3ZGfs5kb9GLc2oK

http://www.capitalvaultsbits.com/LTfjj0tfP5WaZuZUvsb1To68oJGcN3oP4kxTqXPdimKJ02xLdU6c5Di0dcThEqYmoZLO8LvoXhgmxfjTKnmlwbX2QdUaluC4rpltgM6V82E9g_8qPh hLZ_Z73aUcUiWENKuDgcREyZ7b_bqc1rRr1pFBKei8t7vlefB833_LpMPBq8apMNeOKliMm7S6Se9F7qZ MRp-GysAAASacWg9DGmXNFrgkAP2b08SCwyCjbFzFRzNXGPiB3ZGfs5kb9GLc2oK

http://www.capitalvaultsbits.com/c?x=wr8pS0XBAUQS8elXc8W9qnObw1CI0iaA/NCkbgadL8c=&c=hDrcjzKdDDA1kycbkzzhvrQefdAWkOBMqwq1vjlFGjeHC3/IZEA1qv 8YedeUMW6zdqt8XGolxznWaXiVITv6Kj Cmj5Xi8cZwBcZgQ2wdAY3fkEZkUrn4xMNjbdDOh xhL3e6Cj/2QyhNrVpJW/grvYPf19BusHLRuRkSd/l5Y=&e=0&downloadAs=Hamachi Setup.exe&fallback_url=http://www.downloadfree6.com/landers/.../download.php

http://www.capitalvaultsbits.com/c?x=sXDnU2Bblm dDpkW1DN0Wst5NvTs1Ecu0aB6BDGEiqQ=&c=hh3tjuWx mOKb EdNm9TnSC3 NoUTFtTjlW6u4ppacT5WPmUtLwB3NRf0A611MbOSgxTWIlRYbvq04nVsmq CQisbL6kekNfGq97Zy6avYY1uAKHnwD7hdiqTkWYmzPH9N1Fr2vI7AGw0N5H7g CV1kLabSA1GdtLH2D36iUYI=&e=0&downloadAs=Hamachi Setup.exe&fallback_url=http://www.downloadfree6.com/landers/.../download.php

http://cdn.downtoad.com/.../hamachi.exe

Scan air939e.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.