c3414.exe

Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

This file is installed with the program handyCafe Server. The file has been observed being downloaded from doc-0c-6c-docs.googleusercontent.com and multiple other hosts.

Description:
UpdateFile

Version:
3.4.1.4

MD5:
1be6165a72b2f1a981dfea1cac5207d5

SHA-1:
54d4f4dc3084de510a551407d02c5d905e84fbea

SHA-256:
963096d790f376385350e1dce89f807034024dced81fc1e2cac9112aa8ec4281

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 10:07:15 AM UTC

Scan engine:
Norman

Detection:
Malware

Engine version:
11.20140203

File size:
3.7 MB (3,927,416 bytes)

Product version:
3.4

Copyright:
Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\handycafe\server\c3414.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/17/2013 3:30:00 AM

Valid to:
11/18/2015 3:29:59 AM

Subject:
CN="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti", L=Istanbul, S=TR, C=TR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6E54E478C4B86CD0A3A473682202D107

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:yqDcwF9bXnyqQP7UjePQSVQKubB6mQuTNTS98eTAHTBNGh6j3zeJjU6bIlF:yqIkGZP7U232HTBywyJjJU

Entry address:
0x8FD68

Entry point:
55, 8B, EC, 83, C4, F0, B8, 40, F9, 48, 00, E8, 84, 69, F7, FF, A1, 6C, 23, 49, 00, 8B, 00, E8, 44, 00, FC, FF, A1, 6C, 23, 49, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 74, 24, 49, 00, A1, 6C, 23, 49, 00, 8B, 00, 8B, 15, 78, E8, 48, 00, E8, 39, 00, FC, FF, A1, 6C, 23, 49, 00, 8B, 00, E8, AD, 00, FC, FF, E8, 50, 46, F7, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.9741

Developed / compiled with:
Microsoft Visual C++

Code size:
571.5 KB (585,216 bytes)

The file c3414.exe has been discovered within the following program.

handyCafe Server  by Ates Software
www.handycafe.com
About 1% of users remove it
 

The file c3414.exe has been observed being distributed from the following 3 URLs.

https://doc-0c-6c-docs.googleusercontent.com/docs/securesc/q4d3onkn0agmskvb2e774c3pe8nqlka0/f1im6fg267ppqg5f475cc3fsqret8tg4/1479024000000/.../09138257361922423682/0Bx0OhWVLdXhUVXVzQ3RpTC1HUnc?e=download&nonce=5kform8n5k4ve&user=09138257361922423682&hash=68448jlk1qj0qo3f3hi74hd95e7173qp
