home

folderhighlight_2_4.exe

FIKSBAG

The application folderhighlight_2_4.exe by FIKSBAG has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from doc-14-b0-docs.googleusercontent.com.
Publisher:
FIKSBAG  (signed and verified)

MD5:
7cbb60ed9415dc0e5d947d5cb5fabe50

SHA-1:
561ee81c8035ea2de181ac813aeb1e5c9742f589

SHA-256:
956f55f6c1331a2cddfdc7368fe74507040f92699beaca8eb38682ba119517f7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/17/2024 11:06:42 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.FIKSBAG (M)
16.4.2.19

File size:
3.4 MB (3,612,720 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\folderhighlight_2_4.exe

Digital Signature
Signed by:
FIKSBAG

Authority:
COMODO CA Limited

Valid from:
3/18/2016 7:00:00 AM

Valid to:
3/19/2017 6:59:59 AM

Subject:
CN=FIKSBAG, O=FIKSBAG, STREET="Petrova, 6", L=Cheboksary, S=RU, PostalCode=428000, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A236A64C5C2B7859195FFC076EDC1BD8

File PE Metadata
Compilation timestamp:
3/29/2016 11:13:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:jDZmD3k1I4nl0ken3bt7uzp8fLXUsO+LIn4ZOcscjDFL4B:MV4lW3aZsO+LI4c1mFG

Entry address:
0x34F0D0

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 57, 75, 00, 68, 68, FE, 74, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 1C, 30, 75, 00, 33, D2, 8A, D4, 89, 15, 84, 62, 75, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 80, 62, 75, 00, C1, E1, 08, 03, CA, 89, 0D, 7C, 62, 75, 00, C1, E8, 10, A3, 78, 62, 75, 00, 33, F6, 56, E8, E3, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AE, 08, 00, 00, FF, 15, 88, 30, 75, 00, A3, 78, 67, 75, 00, E8...
 
[+]

Entropy:
6.0036

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.3 MB (3,479,040 bytes)

The file folderhighlight_2_4.exe has been seen being distributed by the following URL.

https://doc-14-b0-docs.googleusercontent.com/docs/securesc/4kadnv2romn0ftfjoq6sforgjj9ru99v/vr9tcr9hajf88req1c6r7hrcr2cq91i7/1459224000000/13523602812321374240/.../0B_qSnNhRf93IWVZNSUxwUGFYNm8?e=download&nonce=bbaob6t0ahsm8&user=12502062189194752605&hash=dg5ft6vqqvt3jrq681e94krtral4fga2

Remove folderhighlight_2_4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.