» loadeasy.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (30)

loadeasy.exe

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from download1731.mediafire.com and multiple other hosts.

File name:

loadeasy.exe

MD5:

d0abb27c02acceac1121c948497da467

SHA-1:

13f0d59120bc713c2d57cf3881def070d1211408

SHA-256:

37ebbbcb155950f1cfe368d3c34cc67029ac6453db9c03ab0b178afa8aafea51

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 4:41:33 AM UTC (today)

File size:

6.5 KB (6,656 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\tinasoft\easy cafe server\loadeasy.exe

File PE Metadata

Compilation timestamp:

4/10/2003 10:36:14 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24:etGSIl/oMIscCLGS02FlDLjwAesB8WI1WvJ6M/agnIKHR+lYEi8L9tNSSSKEKEIL:68Izz2bLcsB8pg6saU5xaJlPv

Entry address:

0x1000

Entry point:

6A, 00, E8, 55, 01, 00, 00, A3, 00, 30, 40, 00, 8D, 05, D8, 30, 40, 00, A3, 48, 3C, 40, 00, 6A, 00, FF, 35, 48, 3C, 40, 00, E8, 50, 01, 00, 00, 83, F8, FF, 0F, 84, 02, 01, 00, 00, A3, 88, 30, 40, 00, 6A, 00, FF, 35, 88, 30, 40, 00, E8, 17, 01, 00, 00, 3B, 05, D0, 30, 40, 00, 0F, 85, B3, 00, 00, 00, A1, 88, 30, 40, 00, 50, E8, 18, 01, 00, 00, 68, 58, 3C, 40, 00, 68, 8C, 30, 40, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, FF, 35, 48, 3C, 40, 00, E8, D1, 00, 00, 00, 85, C0, 0F, 84, AE, 00, 00... 
[+]

Packer / compiler:

TASM / MASM

Code size:

512 Bytes (512 bytes)

Scheduled Task

Task name:

{076B627B-EC68-43FE-A97B-473BB5A7BE9E}

Trigger:

Registration (Runs on registration)

The file loadeasy.exe has been discovered within the following program.

EasyCafe Server 2.2 (Firewall Edition) by TinaSoft Software & Internet Solutions

www.tinasoft.com/easycafe/support.htm

About 2% of users remove it

The file loadeasy.exe has been seen being distributed by the following 30 URLs.

http://download1731.mediafire.com/yttekcl9ucog/.../LoadEasy.exe

http://download41.mediafire.com/en6put3es6kg/.../LoadEasy.exe

http://download1591.mediafire.com/45o4bxu5ddvg/.../LoadEasy.exe

http://download41.mediafire.com/wy777f2t50mg/.../LoadEasy.exe

http://download1591.mediafire.com/477m22dcl9eg/.../LoadEasy.exe

http://download1379.mediafire.com/8yztp7d124hg/.../LoadEasy.exe

http://download1379.mediafire.com/vje09z1uo0xg/.../LoadEasy.exe

http://download1854.mediafire.com/6zld39pk16gg/.../LoadEasy.exe

http://download1379.mediafire.com/g78c5a56ayag/.../LoadEasy.exe

http://download41.mediafire.com/y5c7okcvclhg/.../LoadEasy.exe

http://download41.mediafire.com/uly8lvl8h6bg/.../LoadEasy.exe

http://download41.mediafire.com/nrk4z9solmog/.../LoadEasy.exe

http://download1283.mediafire.com/0z73fza2emqg/.../LoadEasy.exe

http://download1379.mediafire.com/pevyd94brpag/.../LoadEasy.exe

http://download41.mediafire.com/x66bz96d4rjg/.../LoadEasy.exe

http://download1379.mediafire.com/aoglorc145hg/.../LoadEasy.exe

http://download1379.mediafire.com/nmvnsgrgc3ng/.../LoadEasy.exe

http://download1379.mediafire.com/ivb28x83hfrg/.../LoadEasy.exe

http://download1379.mediafire.com/mk2z8bctm5mg/.../LoadEasy.exe

http://download1379.mediafire.com/l5y6na1a35ig/.../LoadEasy.exe

http://download1379.mediafire.com/nmd2lzbow6yg/.../LoadEasy.exe

http://download1379.mediafire.com/xnejlhwofrpg/.../LoadEasy.exe

http://download1379.mediafire.com/sq0952ooaafg/.../LoadEasy.exe

http://download1330.mediafire.com/9sbfv7b71zag/.../LoadEasy.exe

http://download1591.mediafire.com/4572cqz75fsg/.../LoadEasy.exe

http://download1283.mediafire.com/27lxp705djsg/.../LoadEasy.exe

temp:LoadEasy.exe

http://download1591.mediafire.com/7h9on3xhf83g/.../LoadEasy.exe

http://download1283.mediafire.com/ny48gjc0vk9g/.../LoadEasy.exe

http://download1283.mediafire.com/uyaf5r8evq0g/.../LoadEasy.exe

Latest 30 of 30 download URLs

Scan loadeasy.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.