jovesmodpack_0.9.15.0.1_v26.6_extended.exe

wotsite.net

This is a setup and installation application. The file has been observed being downloaded from cloclo16.cldmail.ru and multiple other hosts.
Publisher:
wotsite.net

Description:
JovesModPack_0.9.15.0.1_v26.6_Extended.exe 26.6 Installation

Version:
26.6

MD5:
2771250471d6f7142886f8c302272ceb

SHA-1:
8affea1975f7071cc1489f9e2b2d3ea36175e3fa

SHA-256:
ea566913cd1366c4414d8aadf72d6b3a2991a7e591bb3b88a4ec969d206c83b4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/18/2024 10:15:37 PM UTC  (today)

File size:
168 MB (176,111,469 bytes)

Copyright:
wotsite.net

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\jovesmodpack_0.9.15.0.1_v26.6_extended.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3145728:gw2+RydngPopKVulDTblL/eXTwARZSOinTREjSj3tnl3VD0REX1Z3:gw7wdEopbT/ekZOiqQ1pYEXz3

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file jovesmodpack_0.9.15.0.1_v26.6_extended.exe has been observed being distributed from the following 9 URLs.

https://cloclo16.cldmail.ru/K4rGp5jzS5C7Mr6Ljn5/G/.../meJ57EmSb?key=9a3ff9ee5337cb3d243554c3a52affb0af90c1dc

https://cloclo22.cldmail.ru/5UNpd7kFsvvtZJUC5XH/G/.../A7tE63haB?key=315a987d1b93730bc9adc9f9d396390da05ef1ad

https://cloclo18.cldmail.ru/anMiXen6TRmcmXdRg1Y/G/.../oRLW2qfz6?key=8da4cbf2d41cee3ad4556fcddbee9085527ad50d

Scan jovesmodpack_0.9.15.0.1_v26.6_extended.exe - Powered by Reason Core Security