crashlocate.exe

{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Publisher:

MD5:
3c4ddd6deb4469208545ae3dd650103c

SHA-1:
4ccd93c7f48775dee391c6971884117dfb6c79ba

SHA-256:
566b871c4112177a3123805167ebe78d2ef715a774d5f6058e6c725299c01103

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 3:40:28 AM UTC

Scan engine | Detection | Engine version
Dr.Web | BackDoor.Comet.884 | 9.0.1.05190
ESET NOD32 | MSIL/Injector.DXW trojan | 8.0.319.0

File size:
549.1 KB (562,240 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\crashlocate.exe

Digital Signature
Authority:
{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Valid from:
4/29/2014 10:09:56 PM

Valid to:
4/30/2015 4:09:56 AM

Subject:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Issuer:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Serial number:
1E6CC65BB239DD99402691D1631F5B0C

File PE Metadata
Compilation timestamp:
6/3/2014 10:20:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:EnH0R5gZdzVbAY4lxDxw4FPmKiIcJ+dZn0TeL8JmmTePP2:EHqaZd5AYUDO4PmKtvn0TAPP2

Entry address:
0x8AA5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.4554

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
547 KB (560,128 bytes)

Scan crashlocate.exe - Powered by Reason Core Security