home

allcerts2012.exe

GOI_Install-CACertificate

Ministry Of Finance- Accountant General

Publisher:
Ministry Of Finance- Accountant General  (signed and verified)

Product:
GOI_Install-CACertificate

Version:
1.0.0.0

MD5:
9c5130f077df55eb0c3c29795f597809

SHA-1:
4decd586e7658f6d1da834eebf6c6715ccb57e51

SHA-256:
4bbe0bc1a2ff3c2056ad2b66df49ac7b58087292872123d0a9682b1cec4f7550

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/23/2024 5:11:20 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.RDM.34!5.28[F1]
23.00.65.16510

File size:
73.7 KB (75,448 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
GOI_Install-CACertificate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\allcerts2012.exe

Digital Signature
Signed by:
Ministry Of Finance- Accountant General

Authority:
VeriSign, Inc.

Valid from:
1/18/2012 2:00:00 AM

Valid to:
1/10/2015 1:59:59 AM

Subject:
CN=Ministry Of Finance- Accountant General, OU=E-Gov Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ministry Of Finance- Accountant General, L=Jerusalem, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
63AC4DCEC2A7D337D8F005E4570A303B

File PE Metadata
Compilation timestamp:
3/13/2013 9:59:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:KqKQSYKXgkQLexyq+wbaJ7RMgh8DYxYyuPi0DqInDn/w1lf3cJB0ndKLPyhz4000:pKQrKRkOy8yunDn/wNcvxP4T8L8G5Ud

Entry address:
0x133BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.3275

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
69 KB (70,656 bytes)

The file allcerts2012.exe has been seen being distributed by the following 2 URLs.

https://forms.gov.il/.../allCerts2012.exe

http://forms.gov.il/.../allCerts2012.exe

Scan allcerts2012.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.