home

examsuccess.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from doc-0g-40-docs.googleusercontent.com.
MD5:
8ee5c9ac0151cfcbb41d44a762978129

SHA-1:
581ff2ebb4e67fd785fc6b3ade0e0a7e7c093826

SHA-256:
3ecdb290f39091d68f1471f91b869938dce3e7113aba6d04c0ece31fc99e4359

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/1/2024 11:56:12 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

Bkav FE
HW32.CDB
1.3.0.4959

File size:
828.2 KB (848,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\hock cia examsuccess 2013\examsuccess.exe

File PE Metadata
Compilation timestamp:
4/17/2008 1:53:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:dD03901QVsYUHcnJZkq5XCaaHpKtN8Pw5:xkuWeYTF9Uq8P

Entry address:
0x1000

Entry point:
B8, 50, 47, 6C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 2E, AE, 29, DB, D7, 42, 09, 2A, 4A, 71, D1, 5D, FF, 7E, 8D, 2D, CD, 84, 88, 0E, 1B, E7, C9, 17, 30, E7, DE, 23, 92, 6F, 44, 35, 8C, F5, C5, 89, 8C, AD, 2D, 7D, 18, B1, 10, 4F, 63, F6, D3, 5F, E6, CC, FA, D5, 1A, 17, 39, B5, 86, 7F, 50, 14, A3, D5, 29, 1F, C2, FD, 52, 1D, A5, F8, 19, 65, 88, D4, 19, 4F, 0F, 53, 4A, F4, 50, E2, 61, 27, DE, 2D, 6D, AA, E4, B5, 52, C8, F3...
 
[+]

Entropy:
7.8853

Packer / compiler:
PECompact v2

Code size:
1.7 MB (1,736,704 bytes)

The file examsuccess.exe has been seen being distributed by the following URL.

https://doc-0g-40-docs.googleusercontent.com/docs/securesc/v29j5jeq7dg6h4bdlb4j8u8i2qajche5/qrooju6sluscu04h18dnmm6rpp2l74h0/1455026400000/08860467282056876611/.../0B4SRkbbjMhAHQ1JxWmZqdk03TGc?e=download

Scan examsuccess.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.