load-1.40.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
45dd4890ceef2a34e9a3a24f1f1e5f8c

SHA-1:
19bdb58f6448cb4a44ddafb048a0cbff7e6597ab

SHA-256:
70f691fc9ba1707d31bc9a45a80de653837ed33e7b838b67406e5c7876bbff2e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:58:13 AM UTC

File size:
1 MB (1,077,639 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
8/6/2006 3:09:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lLXAnkjkcRNKxiOBkCwbZt0FsJ2LKVVBGsyFvPqDNGnH4vFJk:xAnkjk8SiOBkhNaG5VVvyFvLnHCDk

Entry address:
0x3166

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 40, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, D0, F4, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 60, 98, 42, 00, FF, 15, 58, 71, 40, 00, 68, 30, 92, 40, 00, 68, 20, EC, 42, 00, E8, 23, 28, 00, 00, BB, 00, 64, 43, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 28, 92, 40, 00, 53, E8, 0E...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file load-1.40.exe has been seen being distributed by the following 8 URLs.

http://dw.uptodown.com/dl/1444961124/.../load-1.40.exe

http://dw12.uptodown.com/dwn/U_hDfRaoKhzDiN3H-8QkVlj6I5rEHGZuGQ3HluCMm0jXi0kkVj1jXN8CVx4GLgKBsGSbarOgNKVMcGAIDZLBNJrZIvt-1RL-dfwbvKcTQ8bCLEQLDM9IryClOrnTugn2/pomeM9KCpHnjnwYnYOhn_F9y_eGbbDh1fQ-qImJL07sshhySa5fVImgxJ9Y3D0MfRGyp90BMKM4Cheu29u9zh5IKtKLvAsqOkZki7EhrBRvyUJHA2-SgvIJ3oOwvkjew/Y8XNn1G-pohlKuDGA3E29h75e97m2qYX3T73c5YNSD_k0Di3GKdoJCjgwuGeYXP5-uBeE3Rluj7PAJ8y_Qx__6UbJ1FnyrdWVS9_yH8oou24WatLhpPAAEoy0qwmhHd9/.../load-1.40.exe

http://dw.uptodown.com/dwn/WAEXbWN4k3HKZfEU5y6pHyQAcH5fBn1FgxZpLnwLuf3ma7_v5i87Xr1PxQJBcZ4lG9tIBd9cPoIWdpxWragnOIKN0NiwgfT8G2otUl5PACou9Ve-xeTX6FZ9XRpyt-DX/1UY0LeUbPOfVClljKxATQcEjgvtNJzng_PJXD3-fMcP2Tz64swJBYbbMm1lin-jU3-0irj02iH5KLL5qSHSz3iDEoLHF4_HsQlacIkmprgeMBnXezG3QccvN_cR8oiIP/8JzNas3BKoTIJetB4a9kDy-oJGVDUHTpSTcvU4lfFM18FODb9hkd8m6xwDuOFFagTckUJuSXWYWO9C3dDcwqQM2L-A2pyDlElv01Y16wN2GlK5PIBiuxR9en1efa4LTK/.../

Scan load-1.40.exe - Powered by Reason Core Security