c3321.exe

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

This file is installed with the program handyCafe Server. It has been seen downloaded from files.handycafe.com.

Description:
UpdateFile

Version:
3.3.2.1

MD5:
9f5025e44242e15e114aa592a8a5190b

SHA-1:
6cb6bb8e36720a8cec610bda7869802c2c148641

SHA-256:
2bd9e7b9e2d1d6c15aba3068a1e9c66c24ad50f7d4648d7a92e318215fb6f27d

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 6:39:08 AM UTC

Scan engine        Detection                      Engine version
Agnitum Outpost    Trojan.MulDrop                 7.1.1
Dr.Web             Trojan.MulDrop3.15114          9.0.1.0334
NANO AntiVirus     Trojan.Win32.Banload.cvcavs    0.30.24.1636
Vba32 AntiVirus    TrojanDownloader.Banload       3.12.26.4

File size:
2.7 MB (2,857,888 bytes)

Product version:
3.3

Copyright:
Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2010 2:00:00 AM

Valid to:
5/5/2011 2:59:59 AM

Subject:
CN="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", L=Istanbul, S=Istanbul, C=TR

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
699161FB28FC130101F0E538145B1D8B

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:DqDcwF9bbwLAK70I7E3H2sbaPT08zOkHolE:DqIkgEq0I7EGSk

Entry address:
0x8FD68

Entry point:
55, 8B, EC, 83, C4, F0, B8, 40, F9, 48, 00, E8, 84, 69, F7, FF, A1, 6C, 23, 49, 00, 8B, 00, E8, 44, 00, FC, FF, A1, 6C, 23, 49, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 74, 24, 49, 00, A1, 6C, 23, 49, 00, 8B, 00, 8B, 15, 78, E8, 48, 00, E8, 39, 00, FC, FF, A1, 6C, 23, 49, 00, 8B, 00, E8, AD, 00, FC, FF, E8, 50, 46, F7, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.5720

Developed / compiled with:
Microsoft Visual C++

Code size:
571.5 KB (585,216 bytes)

The file c3321.exe has been discovered within the following programs.

handyCafe Server  by Ates Software
www.handycafe.com
About 1% of users remove it
The file c3321.exe has been seen being distributed by the following URL.
