home

pf400026.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from tele5.index-education.com.
MD5:
c738acf227e53d12ce4e777a4ba7c455

SHA-1:
aac14de85bcdfeedc147da4c3fbb9c520d5d7860

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
6/21/2025 7:45:07 AM UTC  (today)

File size:
5.1 MB (5,382,108 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\documents and settings\sp3_2014\mes documents\downloads\pf400026.exe

File PE Metadata
OS version:
266.12819

OS bitness:
Win16

Linker version:
3.0

CTPH (ssdeep):
98304:ZcyKb20b7ie/gMEIjyIKLdvxgZAv4Rf2ingB7fgKpsHwFML7hEXLQdbuf/SBFO:zgfGeeIjyIKL5xcReinWfXvkGXLiuXMU

Entry address:
0x6C0064

Entry point:
4D, 5A, 31, 01, 01, 00, 01, 00, 05, 00, 00, 00, FF, FF, 00, 00, 14, 00, 00, 00, 00, 00, 0D, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 01, 00, 00, 04, 00, 0D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 44, 69, 65, 73, 20, 69, 73, 74, 20, 65, 69, 6E, 65, 20, 57, 69...
 
[+]

Entropy:
7.9993  (probably packed)

Code size:
256 KB (262,147 bytes)

The file pf400026.exe has been seen being distributed by the following URL.

http://tele5.index-education.com/telechargement/pn/.../pf400026.exe

Scan pf400026.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.