navi.exe

The program is a setup application that uses the WinZip SFX installer. The file has been seen being downloaded from www.toursguardmeta.com and multiple other hosts.
MD5:
a8006d0b57ece7c64d4440f1c1c45295

SHA-1:
d51930c7814e9868bc671e75bc976fe209042617

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/25/2024 10:16:24 PM UTC

Scan engine:
Vba32 AntiVirus

Detection:
Malware-Cryptor.General.3

Engine version:
3.12.24.3

File size:
9.5 MB (9,969,152 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\Documents and Settings\{user}\Local settings\temp\navi.exe

File PE Metadata
Compilation timestamp:
1/9/2001 9:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
196608:a15pnW0eCsIsbQyYvd8eVfXXNNag7bDE/wYd7oQlhNT2ihYNv:MpnT1idYvVf+gnSddcQXp2B

Entry address:
0x3F8F

Entry point:
53, FF, 15, 4C, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 50, 70, 40, 00, 50, E8, 9E, F3, FF, FF, 50, FF, 15, 54, 70, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 94, 40, 00, 83, 0D, 00, 93, 40, 00, FF, 56, 33, F6, 39, 35, 40, 8E, 40, 00, 89, 35, 34, 94, 40, 00, 89, 35, 84, 94, 40, 00, A3, 24, 97, 40, 00, 75, 05, E8, 9D, D2, FF, FF...

Entropy:
7.9967

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
21.5 KB (22,016 bytes)

The file navi.exe has been seen being distributed by the following 9 URLs.

http://www.toursguardmeta.com/qReVpMqjjVvYZP 9Hpi Vy5z4uK_Ky DPAI1SKJZu9H M9o1uXiAshC5TwHXPcHE8VUPac9gPE6URsD0qtDY008aSENXQQMH_X5QSdmY2llrR5zy1dP3h Xs_D088LjvioSZarsbJIL0mLY9crXSeSXDfJ_KvufNRHDlDOjaOjNPqWkvFssfaS7O5XR53xQqmvfQkWk_QAocdpi UVCruipmKRDYtANxQBLlWRJUN1LV6enH002mfQKSmYMeSPDNg3ukLws24WY 1Hm eoO JP0qh ZrTYEZNadF 0beR2S06LXDuO0rhbcA6z3rMGvRtbr92mVwqs7j_5HVbnqlblm0V0PYzJ49c VShSoxK7ZWElLgcIDX8VxeSO0XUclf4ZsPh_4vBExlMHGoi7HL ivNL9hKfkBGf QYVX335nybEvTjh lqIq8RU5jq 51_seg9mphgsWJkcV9 w6AouPvZ2PVVJvDy0j8FAbOf2LCS1BcL7dfC7Xudesl3N8noAEkYTEPt qQn_kvmgNnN0E4YQHSPj_RtUQ vfFIjTFwro_M9lwaafONsnH9KYnsRrwLn5T_XouyI0KsjI1FSHvqdWJ4uRtnCgnNtO6_4PtIXspRewqeiVhfIL k6weR_W6VN0D wnevhZ6KojGm5XrbXU10Fw==-Gz4AAMTOFhNMMFVURF24UJR_cMiBw5dUZIFYsDF2hrSE6KY1xijsXzqsCayILO2ahZvSf3uQzinGBw==

http://download.informer.com/.../navi.exe

http://www.toursguardmeta.com/9hHwUaIwS9YA2rVq5ztUkZ8RDpPfd8tCy_qoBgIpO6UQVTTXMGYnnB8kvZMHp09Y9bzX0SNHVc54G4MKcMl DfbedybGQQybhHzBrPhv8mfofwXY fsNA5Ugzlgh_YWoJeJUYHbBM8HblLko7xjGoGn0LUqiWB1SGRnrIFibJrsDOK7tvsxUMX1qMeYwWR SAWc9U_SHMHxVAYNiyt5iWL4pmNf_y1VQ6WybFricQho0knFfB5HJFbok7N13foRYyQJZsPEcB5hGgk_dPnyodwIz1MQszKUaQHnZvs6FMbIZg28BaG8QcXWaHrLQzFzbYi06ydsXFlD jVxTST hQzQLkZo2yL4teC3fZs3qFo9jWGdiqF5G6DF 5tqpHVtnY2lFtdgvrNd ZxHLZmUPAc3wqbOPJL7Fg2vdLrysIfAjTHebChhS7g7eHpuuJs5VnUpHtIzAEdsAkEO7fhf1yxhrMbMeICrNh9GynJHuPqG2XpeKQc0nz7 fRSyPAy8YsEoq_RL2dYgI AwC1smMLgLvogPS62If_N1JkwD2tv0OIfSMNvx8m1tq2H0cboV7Vu5AUO8qsZ67pErwANcpjHGZ2G3T5odY2ymOZLCspDFAdwYJsKM=-Gz4AAMTOFhNMMFVURF24UJR_cMiBw5dUZIFYsDF2hrSE6KY1xijsXzqsCayILO2ahZvSf3uQzinGBw==

http://www.farmupdatebits.com/ F3CFWt8B5vz4Zd QOZitLFNep2sdvTaNBQggzbI1nX9C4c2gFQrY5uG761KvndAB71n3ctSN 3sstnafv0R8Eky1oGNH0GW28czypDEWghMJac3dVozhpc9eEQ7UkNoZBVITgElOybiULy2gWrcIPxBf5eQvBuwN3xfk6hcbNU9TqruyKKMDwUmupVdmzurExO8ciHPDm6avCwPhHswif872ssctZCmRffagA2P nUjJ6pMO3gh73zkTlypc15H6WGPBnTiyQ3yPViOc86BuhHNeI5jjDSJmg0VZ0Y0JL98Kj_smfITEH8xzx IquzdF8mIGL3OhfLNQqIb7jrK_oFUmJ0VDd12REMt_o3CTlzrLqTvhfI_NPpV1thnrGPK9NMOo6Ug0D9gg5m2_BlMVvnM5b7vibHnSoquMruqWpW1JgkHi MIZR5hjw_Au76GN8k_tWaIESH0uyNo usDf3FQcomgAhiHUYilmH_PJXORLnPuHscLWKhCof5MbV57Ns9Ct3d3Zgdv3snuoMvCFxru1EzhXg==-Gz4AAMTOFhNMMFVURF24UJR_cMiBw5dUZIFYsDF2hrSE6KY1xijsXzqsCayILO2ahZvSf3uQzinGBw==

http://www.farmupdatebits.com/c?x=AAa ePIlwU tuAK8vWDUs9v fIRp/1NDXwnSuNAGUbs=&c=MLCNw4jiim/znHpxiYV4hRFulL0f9rRMv/7fadkFAXx97k5 A7qDADRfPCZbTZZf cr9nbU2yteVxj8txKLAfiQZNKQmtJceeKuXlFG7TqiRdxdDCHcp051Qfk/.../ o1sIDcL8CwmcB9qnrLZiX6scGqwEilIH0Jik=

Scan navi.exe - Powered by Reason Core Security