home

remove_cosmetics_by_sanyabane_v0.4.exe

MD5:
e9005e52ad2da314c5df2e1f650f5c17

SHA-1:
eb17b54ad8f4df558cf84a1f8eb8797f3088f115

SHA-256:
88df6c9c2527d729941b8838106ec71612ebad02c1002d6c5a7905da931a4410

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:55:34 AM UTC  (today)

File size:
438 KB (448,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\remove_cosmetics_by_sanyabane_v0.4.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:pR7F2azSt/m8MVnGAEFneUk0PczmbNrO7fG4kI0EAWPMmwTwnwQ0DBtchPllGQ:Lp2aut/HM9Gg848I0Ezw7Djchr

Entry address:
0x59B3C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, 99, 45, 00, E8, 3C, C7, FA, FF, A1, 1C, B1, 45, 00, 8B, 00, E8, F8, BE, FF, FF, 8B, 0D, 08, B2, 45, 00, A1, 1C, B1, 45, 00, 8B, 00, 8B, 15, E0, 71, 45, 00, E8, F8, BE, FF, FF, 8B, 0D, 40, B2, 45, 00, A1, 1C, B1, 45, 00, 8B, 00, 8B, 15, F0, 6F, 45, 00, E8, E0, BE, FF, FF, A1, 1C, B1, 45, 00, 8B, 00, E8, 54, BF, FF, FF, E8, A3, A7, FA, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5838

Developed / compiled with:
Microsoft Visual C++

Code size:
355 KB (363,520 bytes)

The file remove_cosmetics_by_sanyabane_v0.4.exe has been seen being distributed by the following URL.

https://docviewer.yandex.com/source?id=4027-9h8oidx733mrkhr8tp6jhatm22dy2e095qv99kruyrad8ycm2h3p35u3rozv7k7n3wxmwojc259d9nu8zhyob7ifhkxosl5k2hw&archive-path=//Remove_Cosmetics_by_sanyabane_v0.4.exe&ts=14c1c1b3cf9&token=mlD7Px3Pgaq3nUPd7RxXuQ==&name=Remove_Cosmetics_by_sanyabane_v0.4.rar

Scan remove_cosmetics_by_sanyabane_v0.4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.