hangmanpro-setup.exe

This is a self-extracting archive and installer. The file has been seen being downloaded from www.regnow.com and multiple other hosts.
MD5:
5aa978b78303c2859e36e32687f21081

SHA-1:
60a131ff02641f4182bdf4254649aad3d0d2002c

SHA-256:
17278e7a551b694ff5d50c9aaea63fac656b378bad0735913e25d06e539bae0f

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/16/2024 3:56:32 PM UTC  (today)

Scan engine:
Rising Antivirus

Detection:
PE:Trojan.Agent.cku!100034599[F1]

Engine version:
23.00.65.151025

File size:
1 MB (1,098,945 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hangmanpro-setup.exe

File PE Metadata
Compilation timestamp:
6/7/1999 5:10:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:xtMt/qJpGPSsCj9Z7x7/cJ9OoaaszcVr4a9gxEMyH66x:xC/OgSsCjn9gfaaszI4mgWMyHnx

Entry address:
0x88A2

Entry point:
55, 8B, EC, 6A, FF, 68, 50, B3, 40, 00, 68, 00, A6, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 28, B1, 40, 00, 33, D2, 8A, D4, 89, 15, 1C, DB, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 18, DB, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 14, DB, 40, 00, C1, E8, 10, A3, 10, DB, 40, 00, 33, F6, 56, E8, 8D, 02, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 46, 1A, 00, 00, FF, 15, 2C, B1, 40, 00, A3, 04, E0, 40, 00, E8...
 

Entropy:
7.9681

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
40 KB (40,960 bytes)

The file hangmanpro-setup.exe has been seen being distributed by the following 5 URLs.

https://www.regnow.com/softsell/visitor.cgi?vendor=14880&affiliate=5300&linkid=tryandbuy_CD133141&action=site&ref=http://.../HangmanPro-Setup.exe&ClickID=dwnkbt2mwb022toz0mz0zsckmr2ozycymyyo

https://www.regnow.com/softsell/visitor.cgi?vendor=14880&affiliate=5300&linkid=tryandbuy_CD133141&action=site&ref=http://.../HangmanPro-Setup.exe&ClickID=bgvelzdq6fqgmfy1lqvzudlgfeunkmkffggk
