redsn0w.exe

This is a setup program used to install the application. The file has been observed being downloaded from ipodtouchisapro.net and multiple other hosts.
MD5:
3f0dc287af2960530906742189ebb159

SHA-1:
e1b60145ad3acc81a54e10223255f75b6dadbf19

SHA-256:
c3feb0ec83583444e484df8dcc976a03471ec02df3b0cfc9403eb487cfdecde8

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 9:32:54 AM UTC

Scan engine              Detection             Engine version
Sophos                   JailBreak - redsn0w   4.98
Trend Micro House Call   TROJ_GEN.F47V1220     7.2.130

File size:
18.3 MB (19,221,504 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/7/2011 11:48:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
393216:SoNwkZspEQVy+3ZDmW8oRNpZrv+VFNPrsPWRL:SKmy+JDlRNHrKEWRL

Entry address:
0x1240

Entry point:
55, 89, E5, 83, EC, 14, 6A, 02, FF, 15, D4, 10, 67, 01, E8, BD, FE, FF, FF, 8D, B6, 00, 00, 00, 00, 8D, BC, 27, 00, 00, 00, 00, 55, 8B, 0D, 74, 11, 67, 01, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 34, 11, 67, 01, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 08, A1, 88, E4, 5F, 01, 85, C0, 74, 3B, 83, EC, 0C, 68, 00, F0, 5F, 01, E8, 54, 8A, 1B, 00, 89, C2, 83, C4, 0C, B8, 00, 00, 00, 00, 85, D2, 74, 0F, 50, 50, 68, 0D, F0, 5F, 01, 52, E8, 49, 8A, 1B, 00, 5A, 59, 85, C0, 74, 0D, 83, EC, 0C...

Packer / compiler:
Dev-C++ v5

Code size:
2.3 MB (2,415,104 bytes)

The file redsn0w.exe has been discovered within the following program.

Apple Application Support is required to run iTunes, QuickTime and other Apple installed products (do not remove this if you use any of these programs). If you remove this program you will need to reinstall it in order for iTunes to load.
www.apple.com/it
9% remove it

The file redsn0w.exe has been seen being distributed by the following 2 URLs.
