home

576f8d01

GPG4Win (2.2.4)

Intevation GmbH

The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from files.gpg4win.org.
Publisher:
g10 Code GmbH  (signed by Intevation GmbH)

Product:
GPG4Win (2.2.4)

Description:
Gpg4win: The GNU Privacy Guard and Tools for Windows

Version:
2.2.4.32249

MD5:
827c0d36b22bfdbc8ab95b891687b19c

SHA-1:
5a702c1b357be6427d96b772f673840e2762d222

SHA-256:
4a8a3cb9d3ba8ea2f23e45c6a3d4b2e074b22d692044d4778d51695df67488a7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:07:30 AM UTC  (today)

File size:
4.2 MB (4,383,384 bytes)

Copyright:
Copyright (C) 2008 g10 Code GmbH

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\application data\thunderbird\profiles\{user}.default\cache\2\ef\576f8d01

Digital Signature
Signed by:
Intevation GmbH

Authority:
GlobalSign nv-sa

Valid from:
6/20/2013 8:48:08 AM

Valid to:
9/10/2016 3:27:26 AM

Subject:
E=codesigning@intevation.de, CN=Intevation GmbH, O=Intevation GmbH, L=Osnabrueck, S=Niedersachsen, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112117F638BDC993B761C6073D63C2F86EC4

File PE Metadata
Compilation timestamp:
1/5/2012 12:21:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:OhUVJV0sCpNpeO0AqAAPeYbN/iseSqOgBiPGboUsRQuXViy:OhOOp7hbqAAPemN/taTBiPbUXuXVj

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file 576f8d01 has been seen being distributed by the following URL.

http://files.gpg4win.org/gpg4win-vanilla-2.2.4.exe

Scan 576f8d01 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.