file.exe

The executable file.exe has been detected as malware by 23 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from doc-08-0k-docs.googleusercontent.com and multiple other hosts.
MD5:
e83cf06eb1f47e1f14e0618659681855

SHA-1:
799b8479125ad88bfa629f5425adb83e77ac8267

SHA-256:
b340b84bbeb104f773e1dc28049c5e37df2f92e6c06d68aeabcf0f5d426e07f9

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/20/2024 4:54:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Heur.Kelios.1 | 914 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.164.150 |
| avast! | Win32:Malware-gen | 2014.9-140805 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.1485 |
| Bitdefender | Gen:Heur.Kelios.1 | 1.0.20.1085 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19024 |
| Dr.Web | Trojan.StartPage.61409 | 9.0.1.0217 |
| Emsisoft Anti-Malware | Gen:Heur.Kelios | 8.14.08.05.02 |
| F-Prot | W32/A-ac4d01be | v6.4.7.1.166 |
| F-Secure | Gen:Heur.Kelios.1 | 11.2014-05-08_3 |
| G Data | Gen:Heur.Kelios | 14.8.24 |
| IKARUS anti.virus | Virus.Win32.Vundo | t3scan.1.6.1.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3455 |
| McAfee | RDN/Generic.dx!ddm | 5600.7048 |
| MicroWorld eScan | Gen:Heur.Kelios.1 | 15.0.0.651 |
| Panda Antivirus | Trj/OCJ.F | 14.08.05.02 |
| Qihoo 360 Security | Win32/Trojan.4af | 1.0.0.1015 |
| Quick Heal | Trojan.Generic.r8 | 8.14.14.00 |
| Trend Micro House Call | TROJ_GEN.R0CBC0UFB14 | 7.2.217 |
| Trend Micro | TROJ_GEN.R0CBC0UFB14 | 10.465.05 |
| VIPRE Antivirus | LooksLike.Win32.InfectedFile!A | 31750 |

File size:
549 KB (562,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\file.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:oDepiSZpq6FAeuXrgjleCpqLMF2u3GDZ5LqqllvGb3QQMS:bp/HuJXEjlXgIM4kZ5+KlvGQQM

Entry address:
0x76E00

Entry point:
FC, 55, 50, E8, 00, 00, 00, 00, 5D, 50, E8, 03, 00, 00, 00, 83, EB, 0E, EB, 01, 0C, 58, EB, 01, 35, 40, EB, 01, 36, FF, E0, 0B, 58, B8, 38, 1E, 47, 00, EB, 01, E3, 50, E8, 03, 00, 00, 00, D2, EB, 0B, 58, EB, 01, 48, 40, EB, 01, 35, FF, E0, E7, 58, 2B, E8, 9C, EB, 01, D5, 9D, EB, 01, 0B, 58, 50, E8, 03, 00, 00, 00, 83, EB, 0E, EB, 01, 0C, 58, EB, 01, 35, 40, EB, 01, 36, FF, E0, 0B, 58, 89, 85, 3D, 60, 48, 00, 9C, EB, 01, D5, 9D, EB, 01, 0B, 58, EB, 01, E3, 50, E8, 03, 00, 00, 00, D2, EB, 0B, 58, EB, 01, 48...
 

Entropy:
7.9812  (probably packed)

Code size:
378.5 KB (387,584 bytes)

The file file.exe has been seen being distributed by the following 8 URLs.
