home

bytescout-xls-viewer-2-31-32-bits.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.
MD5:
53f4478a95bd52cb05872bcb157b4d2e

SHA-1:
10350ecd70c86cafa6442edd2d25830d8a071fb4

SHA-256:
d1fd0ce69c10bb8d4bb1ef896dc5dc3b39cd5e329086433709124ee116f7d44d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:54:42 AM UTC  (today)

File size:
461.2 KB (472,267 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\bytescout-xls-viewer-2-31-32-bits.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:2cipSBuHFwLyDnuXnSk1gevEH/HrSiz9XnF8pctn3dbspVY4WT0Jdhka4ZlqfvRn:2pksHTny150PeitnEcxtEp5gQv0E

Entry point:
50, 4B, 03, 04, 14, 00, 02, 00, 08, 00, 4D, 99, 97, 3B, FC, 14, D4, B9, 5A, 02, 00, 00, 57, 05, 00, 00, 0B, 00, 00, 00, 48, 69, 73, 74, 6F, 72, 79, 2E, 74, 78, 74, 7D, 54, CB, 6E, DB, 40, 0C, BC, 0B, D0, 3F, B0, 39, F9, 11, 07, 96, 82, 22, 69, 7B, 72, 9B, 00, 45, 91, C4, 07, 17, 69, AE, 6B, 89, B2, 17, 5D, ED, 0A, BB, 2B, CB, BA, F4, DB, 4B, EA, E5, 47, DD, F8, 60, C8, 30, 67, 38, 1C, 0E, F5, B5, F6, E8, 12, 53, 7A, 78, 7B, 5A, C1, AB, C4, 0A, ED, 67, D8, A1, 75, D2, 68, 07, 5B, E9, BC, B1, 75, 18, CC, FE...
 
[+]

The file bytescout-xls-viewer-2-31-32-bits.exe has been seen being distributed by the following 2 URLs.

http://www.ranchsendgift.com/P9yxPknKGZpCs4vJJal3I0pvCoWjib8X1VFdnjilED6gwq epzJLdL9t8O1EKp2dufjJSuVmX5sEgu4aZOWCdbGB7FIuqk4Q3T41mwGJ4F8bJNcXr61eYq15Vxkhltj11OEcXwsqk6WZGyRb3OvJcA_WWt_5JuWmm R1LcGrdwLvLtOKNfdTf6DkL6a68HpBHJ36pZq y5gJkG9VT_2nuom2NiELug==-GykAAOTNYWwa8w2CoJzBaUEKkWUXjW0cyBsT__zWRvKsUIsUbwwl1vC9AA==

http://bytescout.com/files/.../xlsviewer.zip

Scan bytescout-xls-viewer-2-31-32-bits.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.