home

puush_is_sorry.exe

puush

Dean Herbert

This is a setup program which is used to install the application. The file has been seen being downloaded from dl.dropboxusercontent.com and multiple other hosts.
Publisher:
Dean Herbert  (signed and verified)

Product:
puush

Version:
1.0.0.0

MD5:
8d6c1bce7aafc3c1a8358afeee6ad8a9

SHA-1:
032238b919e32d00ad78c643a1887cdabf1996bc

SHA-256:
e28bd1f417c6d56b0b902516861d418bfcc6fbf095dac3462b1ff30535a0cb21

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 12:53:58 AM UTC  (today)

File size:
405.6 KB (415,304 bytes)

Product version:
1.0.0.0

Original file name:
puush.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\puush_is_sorry.exe

Digital Signature
Signed by:
Dean Herbert

Authority:
COMODO CA Limited

Valid from:
9/27/2012 9:00:00 PM

Valid to:
9/28/2015 8:59:59 PM

Subject:
CN=Dean Herbert, O=Dean Herbert, STREET=41 Gregory Street, STREET=Wembley, L=Perth, S=WA, PostalCode=6014, C=AU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD15503D4AF404C84200F5CCC3C99380

File PE Metadata
Compilation timestamp:
3/30/2015 7:25:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:x93wnb+063wnKWnU21qlAWSl7ueyyfiBA:XaOknXkA3lp

Entry address:
0x12F3C

Entry point:
FF, 25, 2C, 2F, 41, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, E7, EB, 04, 00, 7B, 7A, 7D, 01, 00, 46, 06, 00, D7, EB, 04, 00, 00, 46, 06, 00, EC, BC, 05, 5C, 55, 59, D7, 38, 7C, EE, A5, F3, 92, 12, 8A, 80, 82, 18, A4, 20, 21, D2, 88, A0, 08, A2, 88, 94, 74, 4A, 77, 97, 48, 28, 0A, 08, 82, 34, 08, 12, 0A, 08, 58, 80, 84, 94, 80, 41, 09, 88, D2, 1D, 22, 25, D2, 71, BE, 7D, 00, 67, D0, D1, F1, 99, 79, E7, 79, BE, E7, FD, FD, DF, 85, 6B, F6, 39...
 
[+]

Code size:
342.5 KB (350,720 bytes)

The file puush_is_sorry.exe has been seen being distributed by the following 4 URLs.

https://dl.dropboxusercontent.com/.../aPXj6iIlgQNT1eDjCN5flOYkr4q8OolrzVJmHK3KC3oR4dxXvd0rsH6TU3k3lViQ?dl=1

https://www.dropbox.com/s/.../puush_is_sorry.exe

https://puush.me/.../puush_is_sorry.exe

http://puush.me/.../puush_is_sorry.exe

Scan puush_is_sorry.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.