» alphaplan4_5_zone_off.exe
Overview
Analysis
File Details

alphaplan4_5_zone_off.exe

ALPHAPLAN 4

CVS Ingenieurgesellschaft mbH

The executable alphaplan4_5_zone_off.exe, “Enable intranet start of CVS files” has been detected as malware by 1 anti-virus scanner.

File name:

Publisher:

CVS Ingenieurgesellschaft mbH (signed and verified)

Product:

ALPHAPLAN 4

Description:

Enable intranet start of CVS files

Version:

4,5,0,1

MD5:

91c0e86a08a6956ce121a8e17ac547de

SHA-1:

4d1ecca5859b7e8d830a1475e95c1553e87fbc11

SHA-256:

205cbbd08e9138b72025fd0c41c9560dc850d876c1c3f6ed5caec425a8571f71

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/24/2024 7:48:06 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.12.1.4

File size:

43.3 KB (44,352 bytes)

Product version:

4.5.0.1

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\cvs ingenieurgesellschaft mbh\alphaplan 4.5 client\caspol\alphaplan4_5_zone_off.exe

Digital Signature

Signed by:

CVS Ingenieurgesellschaft mbH

Authority:

VeriSign, Inc.

Valid from:

6/6/2013 2:00:00 AM

Valid to:

9/6/2015 1:59:59 AM

Subject:

CN=CVS Ingenieurgesellschaft mbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CVS Ingenieurgesellschaft mbH, L=Bremen, S=Bremen, C=DE

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0F942ED2FF6C49B6B83277DBA7FE5D2D

File PE Metadata

Compilation timestamp:

7/30/2014 6:14:56 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.50

CTPH (ssdeep):

768:9bsCogv5ESs9BDykUWZ0+uD3jqE3ViCtOZPX:bREBs+O3jqiOhX

Entry address:

0x1000

Entry point:

68, D0, 00, 00, 00, 68, 00, 00, 00, 00, 68, 04, B0, 40, 00, E8, 7C, 21, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 75, 21, 00, 00, A3, 08, B0, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 62, 21, 00, 00, A3, 04, B0, 40, 00, E8, BC, 1F, 00, 00, E8, 07, 67, 00, 00, E8, 99, 5A, 00, 00, E8, CD, 52, 00, 00, E8, BB, 3C, 00, 00, E8, E3, 32, 00, 00, E8, 8E, 2F, 00, 00, E8, 19, 2B, 00, 00, E8, 6D, 28, 00, 00, 68, 07, 00, 00, 00, 68, 34, A2, 40, 00, 8D, 05, D0, B0, 40, 00, 50, 68, 08, 00... 
[+]

Packer / compiler:

PKLITE32, 0x1.1

Code size:

27.5 KB (28,160 bytes)

Remove alphaplan4_5_zone_off.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.