» airfileup.exe
Overview
Analysis
File Details
Behaviors (1)

airfileup.exe

up_client_air

BankPrime.Corp

File name:

airfileup.exe

Publisher:

BankPrime.Corp (signed and verified)

Product:

up_client_air

Description:

up_client

Version:

2, 1, 5, 1

MD5:

10d1ed068d8f54bb5966f1c13ab9dc81

SHA-1:

395d3cdf605ab0a322c3130ff29d93a5ce172c2f

SHA-256:

df1fc7d38cb9ee5a525d87633d33d2a6a971b9e403b24844c0bf440a9b6915af

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 5:02:05 AM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

Trojan-Downloader.Win32.MultiDL

t3scan.2.0.7.0

File size:

2.9 MB (3,037,032 bytes)

Product version:

2, 1, 5, 1

Original file name:

up_client.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\airfile\airfileup.exe

Digital Signature

Signed by:

BankPrime.Corp

Authority:

VeriSign, Inc.

Valid from:

10/5/2012 9:00:00 AM

Valid to:

10/6/2013 8:59:59 AM

Subject:

CN=BankPrime.Corp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BankPrime.Corp, L=Guro-gu, S=Seoul, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7996639A6CD49F1EFDECBEFB7682AE66

File PE Metadata

Compilation timestamp:

11/2/2012 4:18:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:MK6A1vM2C5y+pm43VJM8zZYPSZ0Fo06E8tVf/Ir6kOExKlxQhkZU:yAGm4npt70FAE8nf/Ir6yxKlxLU

Entry address:

0x615BC

Entry point:

E8, F6, C0, 00, 00, E9, 16, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, E4, E3, 49, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, E4, E3, 49, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B... 
[+]

Entropy:

4.9243

Code size:

500 KB (512,000 bytes)

Windows Firewall Allowed Program

Name:

C:\Program Files (x86)\Airfile\AirfileUp.exe

Scan airfileup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.