» setup_avrokeyboard_4.5.1.exe
Overview
Analysis
File Details
Downloads (9)

setup_avrokeyboard_4.5.1.exe

OmicronLab

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from 10.10.10.10 and multiple other hosts.

File name:

Publisher:

OmicronLab

Description:

Avro Keyboard - UNICODE compliant FREE Bangla typing softwar

Version:

Avro Keyboard 4.5.1

MD5:

a15ebb8862c45298ac743c7de75529f2

SHA-1:

96211e55d85fecd72121c00bc14e930eff9e3f0a

SHA-256:

a051018f0115eea402f6eb706d37c80c28219c669a6d537cb25082cbbc3eed9c

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/18/2024 4:24:05 AM UTC (today)

Scan engine

Detection

Engine version

ViRobot

Trojan.Win32.A.Autoit.11279663[h]

2014.3.20.0

File size:

10.8 MB (11,279,663 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/20/1992 4:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:OFaNAGe/644oMb+QJhpyMfUWZO4x2zofsrN1inexeuitLFRA:dNjeV4oMqQJhpJBZOzjLafui5w

Entry address:

0x98D8

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, EE, 97, FF, FF, E8, F5, A9, FF, FF, E8, 20, CC, FF, FF, E8, 67, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 82, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 38, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 9F, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.9998

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file setup_avrokeyboard_4.5.1.exe has been seen being distributed by the following 9 URLs.

http://10.10.10.10/17. Latest update software/.../setup_avrokeyboard_4[1].5.1.exe

https://mail-attachment.googleusercontent.com/attachment/u/.../?ui=2&ik=56facb2ae4&view=att&th=152795b9bb2c38d5&attid=0.1&disp=safe&realattid=f_iju47ij70&zw&sadnir=1&saddbat=ANGjdJ981snxJDNFQIAPrFagbC5Kmel7fzU6gV572IKoz2Zg2dX6wnso4Xfjc9F15Jn008MFnRCZayDjXTzP406w-DqX9S5-1UMUHwZJiG6ucMBz4jv3AxNjfqQzcauVbvLj7CpGZ3zjF3wxDDhbDkk4zwh9JGDiod_0EAbVlLGXuysXepfPRcl89yY3tKtTegrqfpx116A7NW_r3xcMa17nMLJcN37ZJbNMyHh9CUI3bBT2oiJhWyWjyDHU1rp2xFMToQP3QIjofWyQ0ter-izRh-Vn-MFx9wbWcWAhOrFc7XnOFgOVgIC0ZdHvhS618aAkeBJgQib7NmUiWf9JgKP-UJqXs2jF9zkrc3oj73dTbF5uOCqbdnclGNFLXAMHJtzY7oD7HLJjNXhxrH0eZJpzKDUDEkGVpDkH3dQdmMF45aynDyYE0Qosm1isGSrTooh_4xXxLk3bX2ftXEolfp5Ab3p4PxZS8iqkhuWN0CLcRstgVSrVy311VdVtShaG21icTBHVnxdvRQPFWqRSYAhzcEpuAWqHtoBtzUCKTb9vXJuaSjY06fVA1dVwX06Hya3AmBmlsKoef-KgShgGATkDmrpDBz-mnGi1DUfJYp7i8nl9-Sux4lc3LpR2ubthjQ8oGiP3RMT_SgYCau_D69LxzzXuK169S_sksqNwSw

http://10.55.35.3/index.php?option=com_docman&task=doc_download&gid=684&Itemid=342

http://files.fyxm.net/7/.../setup_avrokeyboard_4.5.1.exe

https://www.omicronlab.com/.../setup_avrokeyboard_4.5.1.exe

http://download2082.mediafire.com/d7wxaz46bbeg/.../???? ????? setup_avrokeyboard_4.5.1.exe

http://www.omicronlab.com/.../setup_avrokeyboard_4.5.1.exe

http://avro-keyboard.software.informer.com/.../

http://downloads.fyxm.net/download-file-7085.html

Scan setup_avrokeyboard_4.5.1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.