alarmclock.exe

rSpark

This is a setup program used to install the application. The file has been observed being downloaded from doc-08-70-docs.googleusercontent.com and multiple other hosts.
Publisher:
rSpark

Version:
1.0.0.2

MD5:
61af0b0222b5b64ceb64f7fa3f6ad184

SHA-1:
b561af4b4052d3c27770ee55ec749c3d64c2dfc0

SHA-256:
e12a01abe45a905451171f5ec878ef8de97e5f3331fd463b9022a8dad43adf85

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 4:33:45 PM UTC  (today)

Scan engine | Detection | Engine version
Comodo Security | UnclassifiedMalware | 17892
McAfee | Artemis!61AF0B0222B5 | 5600.7156
Norman | Suspicious_Gen5.VTXL | 11.20140419
VIPRE Antivirus | Trojan.Win32.Generic | 27128

File size:
1.3 MB (1,382,912 bytes)

Product version:
1.0.0.2

Copyright:
Copyright © rSpark, 2013

File type:
Executable application (Win32 EXE)

Language:
English

File PE Metadata
Compilation timestamp:
2/7/2013 4:34:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:vavpAsUnv4t4FRzMe72gnJBSIT8fOzS8bnh9dMtaCw7tugux2TrhbICwhR:wpATvO44eBhQfOW8bn+taCwZvq2TdbIC

Entry address:
0x18A04

Entry point:
E8, 80, 59, 00, 00, E9, 79, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 48, 18, 43, 00, 00, 74, 05, E9, 3A, 5A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F...
 

Entropy:
7.8360  (probably packed)

Code size:
153.5 KB (157,184 bytes)

The file alarmclock.exe has been seen being distributed by the following 2 URLs.

https://doc-08-70-docs.googleusercontent.com/docs/securesc/5n64jg800jpiort2rarh5t6d4umbtspl/rim7ckkfef9l32i0b5nner6ajvv4as35/1476972000000/00701210391617309587/.../0B0pQUfT89RICQXRUN2c4OEpNZGs?e=download&nonce=5l2mplr6pege0&user=01229531287284111227&hash=ee0vpsdml2h0jlae182194ost828rjh9

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to WIN-C7UCSTOUIVP  (184.75.210.242:80)
