home

os.exe

Explorer.exe

OSFirstTimer

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. The file has been seen being downloaded from fs02n2.sendspace.com and multiple other hosts.
Publisher:
OSFirstTimer

Product:
Explorer.exe

Version:
1.0.0.0

MD5:
c269cad3bfeb6eddcd0fe49990b874fe

SHA-1:
d759593734af975678d629e86a6b378a51f1fcd4

SHA-256:
73f4686afcb4c5721bf3a89e807db575205e6ee21c7f971b695f09bd9e147805

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 6:57:04 AM UTC  (today)

File size:
366.5 KB (375,296 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © OSFirstTimer

Original file name:
Explorer.exe.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\jurisch\cc-logs\myportal\os.exe

File PE Metadata
Compilation timestamp:
12/26/2012 1:14:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:QQ5fffffffffff56ffff3ffifffff84fffffffffdff/58ffyeyJfffQ8fffKffV:b5fffffffffffEffff3ffifffff84ffc

Entry address:
0x5894E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
346.5 KB (354,816 bytes)

Scheduled Task
Task name:
a

Trigger:
Time


The file os.exe has been seen being distributed by the following 2 URLs.

https://fs02n2.sendspace.com/dl/44e7214f97e1c37c98d96af3fd3e996b/57d4473c7545aecd/.../OSFirstTimerBlue Scream.exe

https://fs02n3.sendspace.com/dl/8f2790e754a0948d4aa29f8b77c77b8d/542992105955e33b/.../OSFirstTimerBlue Scream.exe

Scan os.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.