home

Olleh.exe

CMOTech

Publisher:
CMOTech  (signed and verified)

Version:
0, 0, 2, 5

MD5:
30ea757867d5b91ea4aa94c4b6a7256d

SHA-1:
12106893603a75123a34d167e2d8e4deb4442d4e

SHA-256:
11a8f721080b3b97e3f1255902c4ae1fe0c920370b31bea5091126925bb53ae7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 7:16:29 AM UTC  (today)

File size:
324.8 KB (332,640 bytes)

Product version:
0, 0, 2, 5

Copyright:
All rights reserved.

Original file name:
Olleh.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup\userinterface\bin\olleh.exe

Digital Signature
Signed by:
CMOTech

Authority:
VeriSign, Inc.

Valid from:
11/19/2009 9:00:00 AM

Valid to:
11/29/2012 8:59:59 AM

Subject:
CN=CMOTech, OU=Sales, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CMOTech, L=Seoul, S=Kyunggi, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
452B16B1F79C04BEE53F9C3BB688A0BF

File PE Metadata
Compilation timestamp:
7/9/2012 6:03:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:PhGpqrjp1STiI/QBjLbsalup0MMisrwfR96QPcwODh3Mc8Fe:miIQQaup0visgcx+Fe

Entry address:
0x20335

Entry point:
E8, A5, 92, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, E8, F5, 43, 00, E8, D1, 29, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 74, 83, 44, 00, 77, 22, 6A, 04, E8, 90, 94, 00, 00, 59, 83, 65, FC, 00, 56, E8, 97, 9C, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, DD, 29, 00, 00, C3, 6A, 04, E8, 8B, 93, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, CC, 50, 43, 00, 83, 3D, 34, 70, 44, 00, 00, 75, 18, E8, F7, 88, 00...
 
[+]

Entropy:
6.2747

Packer / compiler:
PEQuake V0.06

Code size:
205.5 KB (210,432 bytes)

Scan Olleh.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.