download.exe

Kiril Skiba

Publisher:
Kiril Skiba  (signed and verified)

MD5:
80f1f68fa135a7b5ebe0608cbd7d9eb1

SHA-1:
8c6ef1cbcca05b6de69314c9986a3ff98fe28b49

SHA-256:
00ef362395cf2ce9b28171097f160c4c1bc399d08fdb0c8aa6fa2572f86e4425

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
5/19/2024 4:03:48 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Trojan.Downloader.gen.h

Engine version:
3.12.26.3

File size:
155.4 KB (159,096 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
7/11/2014 4:54:12 AM

Valid to:
7/11/2015 4:54:12 AM

Subject:
E=skiba.1982@list.ru, CN=Kiril Skiba, O=Kiril Skiba, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
740CC7CB8F1716E65997A249E7C63863

File PE Metadata
Compilation timestamp:
7/16/2014 8:22:08 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:abA7PgVB1gStZVORkQ24S+TJjR89H/DyJVos:acjgdSi3akmJVos

Entry address:
0xAADC

Entry point:
E8, C3, 65, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, EA, 41, 00, E8, 5E, 12, 00, 00, E8, 90, 67, 00, 00, 0F, B7, F0, 6A, 02, E8, 56, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 62, 38, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
5.9095

Code size:
84.5 KB (86,528 bytes)

The file download.exe has been seen being distributed by the following 2 URLs.

http://applicationgrabb.net/c90c6956dcfbac757e72f2c923611140/yaskeba/dl.php?id=1405524256999061056&r=https://s3-eu-west-1.amazonaws.com/.../Download.exe&__rnd=b15af68a31be3d452bc6b4201ccf3fcf

http://applicationgrabb.net/4cb3f765d08b55561f69607f25698669/flsh/dl.php?id=1405524570405165459&r=https://s3-eu-west-1.amazonaws.com/.../Download.exe&__rnd=c7d82836699f155df29b9c17bdf6e2d7

Scan download.exe - Powered by Reason Core Security