home

upgrade3.64.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from d.shamela.ws.
MD5:
29448c7c5f02e997fabdfe82edcc979c

SHA-1:
625dbc56f68d3c9e395ae1d8a8dd90bdcee50a56

SHA-256:
05f1a9114fb71cedb6e845e60afe0c235782396613a2746351a27659d45b3e36

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 1:44:42 PM UTC  (today)

File size:
14.1 MB (14,799,527 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/28/2011 7:04:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:FamAOzEx9CypKz57Z8k69i2vD1NBaZdamos2tbUtXYQkukyqpL9C0UT8VLuAM85q:FaZMNVCh9iGSZTos86yhyqjC0VuAMCq

Entry address:
0xB480

Entry point:
60, BE, 97, 58, 0A, 7A, BE, 16, 8B, 6F, AD, 35, BE, 39, C7, 6D, 03, D9, 69, EA, 1E, 9B, BA, 59, 68, FF, 64, 64, 00, F2, 86, D4, 20, D3, 20, F5, EB, 03, F6, C6, A9, E8, 00, 00, 00, 00, 88, CE, F7, C2, 97, 2F, C6, 53, FF, CE, C6, C6, 37, 88, C4, F2, 10, E3, F2, F3, 68, 74, 60, 00, 00, 81, FE, 2D, 46, 00, 00, 77, 0D, 69, F0, 65, 2C, F7, 53, C7, C5, 3D, F4, 4B, B9, F3, 58, 8D, 1D, 3E, BD, D5, B0, 87, D6, 69, EE, 8D, 87, FF, CE, 2D, 22, 08, 00, 00, 88, F3, 4D, 69, F2, D7, 42, F1, 9A, 2B, C8, 4F, 80, D2, 91, 47...
 
[+]

Entropy:
7.9994  (probably packed)

Code size:
70.5 KB (72,192 bytes)

The file upgrade3.64.exe has been seen being distributed by the following URL.

http://d.shamela.ws/.../upgrade3.64.exe

Scan upgrade3.64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.