307-microsoft_gif_animator-v1.0-mid347-l-ax86.exe

Microsoft Plus! for Windows 95

Microsoft Corporation

This is a setup program used to install the application. The file has been seen being downloaded from www.laboratorycenterconecpt.com and multiple other hosts.

Publisher:
Microsoft Corporation

Product:
Microsoft® Plus! for Windows® 95

Description:
Win32 Cabinet Self-Extractor

Version:
4.70.1168

MD5:
3f78f58450a3c53df498e53eb60aca73

SHA-1:
6e7830745c9120b54e50dedb0bf869811028507e

SHA-256:
b4a03161bf78ed20696a7257a0c7d3d75c8bdfc822c8b50a8b6049ba00d006c8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:03:51 PM UTC

File size:
1.1 MB (1,104,384 bytes)

Product version:
4.70.1168

Copyright:
Copyright © Microsoft Corp. 1995

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\307-microsoft_gif_animator-v1.0-mid347-l-ax86.exe

File PE Metadata

Compilation timestamp:
8/19/1996 11:56:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.10

CTPH (ssdeep):
24576:2pfmMxlQnVo/LWszP6Fw+pSdZO56Y6kRtNr4nosdFXpRbdP:vEGV4Wpi2K7FIr4nosdVZP

Entry address:
0x9CD0

Entry point:
64, A1, 00, 00, 00, 00, 55, 8B, EC, 6A, FF, 68, 00, E0, 40, 00, 68, F0, BD, 40, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 60, 53, 56, 57, 89, 65, E8, FF, 15, 8C, 84, 41, 00, A3, 9C, FA, 40, 00, 33, C0, A0, 9D, FA, 40, 00, A3, A8, FA, 40, 00, A1, 9C, FA, 40, 00, C1, 2D, 9C, FA, 40, 00, 10, 25, FF, 00, 00, 00, A3, A4, FA, 40, 00, C1, E0, 08, 03, 05, A8, FA, 40, 00, A3, A0, FA, 40, 00, E8, 9A, 20, 00, 00, E8, A5, 1F, 00, 00, 85, C0, 75, 0A, 6A, 10, E8, 2A, 01, 00, 00, 83, C4, 04, C7, 45, FC, 00, 00, 00, 00...
 
Entropy:
7.9478

Developed / compiled with:
Microsoft Visual C++ v4.2

Code size:
49 KB (50,176 bytes)

The file 307-microsoft_gif_animator-v1.0-mid347-l-ax86.exe has been seen being distributed by the following 7 URLs.

http://www.laboratorycenterconecpt.com/gLUsGWA7HLYOqBGKiicScKPWpQ2vIJ61ixiC4hzpDhrQ uIw2mKqaIYZhqfYlzuwW UOmFlNtpewsL2m7L584lUmEE2T6iV7CgicsReny0uy5dEdf2h8lqV wWZWnrNZPsCp61qcMPM dCjdYShzW0SsfiTihZWMPU99HDS9bzymw4rXvP4Pu1IeraG1pYvIvX5GVOG2 pChOXfMAxNajFYLwl0K4idTCA4l8VOO4dPJXvA_i8cECOgQd7oahTynMRhLBO8JywC6V1BYn4MX3UMCXetU1rvcXqDkE3W5_EHhPGqtKfjyDIVYkjyxzV3DguSCWEuaQJBAlMwF4Lj_F16YO4q8TgJvRSnzlZD460w6sMThmvGIGyg ZhxXFefxhTZwdHzLK_nfPL4qPJcB06fWY_zA5A3kofC4HCTnLZwoJEMUmTQL8QoNP56NZNNdHYQwHVq8rBeSVcUjVIvtCANjPMlDmhcK7UQ2R1lWWK k71pj7IbsCdz5F584auNtdiJqSXCqVPyEteMtKqOLk_YXfiVcHwWQatXjSupCwDaD_cj9r92rAdDMjG3sK1_cz5VHvodoSdAfQQfU9PabjId57O77 VuNtS1rNefpOu44KhLpk95sLWKKUzGAmvAmT8jhvqF-G0IAAMT0bNz0hJJuK6osT_L95HsTURrSSHYf6HK_SdSIp7FlWOdWLJyA87jjy6AkIohUKwtAtuer_t2gvwI=-e

http://moodle.pef.um.si/pluginfile.php/1817/mod_resource/content/.../gifsetup.exe

http://nauczyciel-info.cba.pl/.../gif.exe