home

restoration-3.2.1.3.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
MD5:
33c629e67098cdabe6a5c55ebd373085

SHA-1:
34ae0bcecc5b54fb1a6675c75c08295871cf293e

SHA-256:
38a7c797ec948cf063ecf66edbfce122550e9b26d35290b53f63608a4d8c5f6b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/30/2024 1:31:42 AM UTC  (today)

File size:
163.8 KB (167,773 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\restoration-3.2.1.3.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:YEevcI0ZQksHrxiY3HE6gczjhSXg1erfyrwlLL3kHhHd/7DhE+K3Vhzm3:YJcPsL9/gcpSXgwyr+MVAhzm3

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 41, 49, 8E, 2E, 49, E8, DE, FB, E0, 88, 01, 00, 00, 30, 03, 00, 0F, 00, 00, 00, 52, 65, 73, 74, 6F, 72, 61, 74, 69, 6F, 6E, 2E, 65, 78, 65, EC, 5A, 7D, 78, 54, D5, 99, BF, 77, E6, 26, 0C, 61, C2, 8C, 32, B1, 43, 1B, EA, E8, 5E, EC, 40, 02, CD, E3, A8, CB, 1A, D8, 26, 21, 8E, 69, 9B, E2, 9D, 7C, DA, 05, 03, 56, CC, 0E, F3, 20, 22, 4E, D0, DD, 45, 9B, 38, 09, 9D, B9, 87, B1, D4, AA, CF, B2, AB, 95, 7C, A8, 28, 48, C0, F2, B8, C1, FA, 34, 33, 09, 92, 80, 0A, 24, 58, C0...
 
[+]

Entropy:
7.9976  (probably packed)

The file restoration-3.2.1.3.exe has been seen being distributed by the following 4 URLs.

http://files.downloadnow.com/s/software/11/01/67/.../Restoration.zip?token=1469932856_f8ecc87c6f0ce0bcd0158fc554dca3aa&fileName=Restoration.zip

http://www3.telus.net/.../Restoration.zip

http://files.downloadnow.com/s/software/11/01/67/.../Restoration.zip?token=1462791445_19e2b701a5da82ac406a80e9b3bce35d&fileName=Restoration.zip

http://files.downloadnow.com/s/software/11/01/67/.../Restoration.zip?token=1449504821_ee7b45225dd1c6da7f0802dcfd87f415&fileName=Restoration.zip

Scan restoration-3.2.1.3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.