home

ffe10825da18545758c0917543.exe

Passcovery Co. Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from www.freenew.net.
Publisher:
Passcovery Co. Ltd.  (signed and verified)

MD5:
5d1e3d9e05bfa409751a2bc0d465a1d0

SHA-1:
e1af86e90aaf52f9a9ac3643188d6111eddddf87

SHA-256:
d332e814b55cfeff495bcb417446b7283d32a1c79daa0c780f9074f63d141a4a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 4:06:54 AM UTC  (today)

File size:
7.3 MB (7,667,712 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\ffe10825da18545758c0917543.exe

Digital Signature
Signed by:
Passcovery Co. Ltd.

Authority:
VeriSign, Inc.

Valid from:
11/27/2012 2:00:00 AM

Valid to:
1/27/2014 1:59:59 AM

Subject:
CN=Passcovery Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Passcovery Co. Ltd., L=St.Petersburg, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
126C0A586B3CA44C91096D1F7260343E

File PE Metadata
OS version:
0.65534

OS bitness:
Win16

Linker version:
254.255

Entry address:
0x20000

Entry point:
D0, CF, 11, E0, A1, B1, 1A, E1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3E, 00, 04, 00, FE, FF, 0C, 00, 06, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 10, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, FE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF...
 
[+]

Entropy:
7.8091  (probably packed)

Code size:
384 KB (393,228 bytes)

The file ffe10825da18545758c0917543.exe has been seen being distributed by the following URL.

http://www.freenew.net/.../downApp.htm?platform=windows&id=15201&toUrl=1d0618345558412f0d00451300092101121962070b1f5a1343730c58592e465c585a140a215e47567e5c0a0a444a59705a405b740a5e52444559705c590b340c

Scan ffe10825da18545758c0917543.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.