home

181849_poordad_23638.exe

The Sheridan Press

Publisher:
The Sheridan Press  (signed and verified)

Description:
iWrapper (NEJM_181849_Poordad_23638)

Version:
0, 0, 0, 0

MD5:
be8941a5aa823dd2bbde1a1768e119aa

SHA-1:
900487d120652e1d764bc674c6c55fde44307835

SHA-256:
198ab7a6f1451e44c95eebc33476c653772b52686690c89765e5f6cb33904bc1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/23/2024 1:42:24 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
PUA.Packed.ASPack
0.98/18155

File size:
4.5 MB (4,765,256 bytes)

Product version:
0, 0, 0, 0

Copyright:
Copyright © 2011 iWrapper, LLC

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\181849_poordad_23638.exe

Digital Signature
Signed by:
The Sheridan Press

Authority:
Thawte, Inc.

Valid from:
4/4/2011 8:00:00 PM

Valid to:
4/11/2012 7:59:59 PM

Subject:
CN=The Sheridan Press, OU=IT, O=The Sheridan Press, L=Hanover, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
06AE0B7EC76B4809518FF8FA751C505A

File PE Metadata
Compilation timestamp:
10/2/2007 6:49:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:L1l7sHd9UgoO7HBpPrNvTh/mQJQz44WV2o+j8yQEZ9AWML:LWh/7BpPrNvTdmQJq+M4W9AWw

Entry address:
0x1000

Entry point:
68, 01, 20, A4, 00, E8, 01, 00, 00, 00, C3, C3, FF, 87, 73, 4C, BD, EA, A7, 4D, A0, 8B, 61, 17, 27, F5, 2F, 5E, 91, 83, 40, 4B, 24, 31, B2, C3, 97, 16, 88, 96, 3B, D0, F9, 71, 43, 44, 65, 42, 21, A3, 20, F6, 80, 06, B3, 38, AD, B2, 05, D7, 6A, B2, 43, 90, FE, A4, 5D, 71, 57, CB, 67, BE, 82, BE, 89, 5A, B2, 0F, 36, 41, 30, 29, B3, 25, BC, 15, 33, 16, D3, 3B, AE, 9E, CA, CC, A6, D3, BB, 1B, 6B, 22, DE, 7F, F3, F2, D0, 0A, 37, FD, 8C, 9B, A4, 64, 00, CD, CD, FE, 7D, B3, 1E, 1F, 3A, D3, F5, 25, 6B, DE, 70, EA...
 
[+]

Entropy:
7.9978

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
184 KB (188,416 bytes)

Scan 181849_poordad_23638.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.