» setup mcoffline v8.4.exe
Overview
Analysis
File Details
Downloads (2)

setup mcoffline v8.4.exe

MCoffline

MCoffline Team

This is a setup and installation application. The file has been seen being downloaded from xn--80aaycfjjdyvv.xn--p1ai and multiple other hosts.

File name:

Publisher:

MCoffline Team

Product:

MCoffline

Description:

MCoffline Setup

Version:

8.4.0.0

MD5:

7833ac7798f79d5c836dd5a15b5ea7a7

SHA-1:

d5afc8983f7043c712604bc7d3923786a363172a

SHA-256:

60182b533f8c590c6d26ad63936d742d4a54966295514170ec022b57440d1777

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

5/3/2024 8:40:43 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.Packed

1.3.0.6379

File size:

19.5 MB (20,458,496 bytes)

Product version:

8.4.0.0

Trademarks:

Original file name:

MCofflineSetup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup mcoffline v8.4.exe

File PE Metadata

Compilation timestamp:

10/21/2014 9:48:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

393216:OBohy99ExWUZDzjeHSkkQUnJup+GIvtPHjZWovEvdFdG6bO181ZDvi4Fz/:AodAUtzjeHSkrUJup+LBHjfvwdQGvX

Entry address:

0x13833DE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, A4, 6A, D7, 56, B7, C7, E8, DB, 70, 20, 24, EE, CE, BD, C1, AF, 0F, 7C, F5, 2A, C6, 87, 47, 13, 46, 30, A8, 01, 95, 46, FD, D8, 98, 80, 69, AF, F7, 44, 8B, B1, 5B, FF, FF, BE, D7, 5C, 89, 22, 11, 90, 6B, 93, 71, 98, FD, 8E, 43, 79, A6, 21, 08, B4, 49, 62, 25, 1E, F6, 40, B3, 40, C0, 51, 5A, 5E, 26, AA, C7, B6, E9, 5D, 10, 2F, D6, 53, 14, 44, 02, 81, E6, A1, D8, C8, FB... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

19.5 MB (20,452,352 bytes)

The file setup mcoffline v8.4.exe has been seen being distributed by the following 2 URLs.

http://xn--80aaycfjjdyvv.xn--p1ai/.../download.php?id=3003

https://downloader.disk.yandex.ru/disk/5cef3aa6afa9bcb1680817c537d88286c6364e0bbd845f8d4316ae7b79ab5fa2/552d6122/.../x-msdownload&fsize=20458496&hid=76ef69648c3657118e77da254e263920&media_type=executable&tknv=v2

Scan setup mcoffline v8.4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.