» _update-e0ba-3b52-7621-7b32.exe
Overview
Analysis
File Details
Downloads (1)

_update-e0ba-3b52-7621-7b32.exe

Netsoft Holdings, LLC

The executable _update-e0ba-3b52-7621-7b32.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from app.hubstaff.com.

File name:

Publisher:

Netsoft Holdings, LLC (signed and verified)

MD5:

7908a39cae80cc25887df6343b78cfe4

SHA-1:

d5cfee622beff8ce9ed42bb12936f03c1f0f1871

SHA-256:

331a053a5ef88a021e1ed5cfcc5034498e279c4d266db4e47bbdb0277f7e304d

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

5/3/2024 5:52:28 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

17.1.30.16

File size:

8.8 MB (9,248,688 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\_update-e0ba-3b52-7621-7b32.exe

Digital Signature

Signed by:

Netsoft Holdings, LLC

Authority:

GoDaddy.com, Inc.

Valid from:

2/14/2015 3:21:39 AM

Valid to:

2/14/2017 3:21:39 AM

Subject:

CN="Netsoft Holdings, LLC", O="Netsoft Holdings, LLC", L=Fishers, S=Indiana, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

523A281F8527B211

File PE Metadata

Compilation timestamp:

7/21/2012 5:18:23 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

Entry address:

0x4171

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, C7, 04, 24, 08, 00, 00, 00, A3, 30, 7B, 42, 00, E8, 6D, 3C, 00, 00, A3, 8C, 7B, 42, 00, 8D, 85, 88, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7... 
[+]

Entropy:

7.9388 (probably packed)

Code size:

34 KB (34,816 bytes)

The file _update-e0ba-3b52-7621-7b32.exe has been seen being distributed by the following URL.

https://app.hubstaff.com/.../windows

Remove _update-e0ba-3b52-7621-7b32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.