» alphaplan4_5_zone_on.exe
Overview
Analysis
File Details

alphaplan4_5_zone_on.exe

ALPHAPLAN 4

CVS Ingenieurgesellschaft mbH

The executable alphaplan4_5_zone_on.exe, “Disable intranet start of CVS files” has been detected as malware by 1 anti-virus scanner.

File name:

Publisher:

CVS Ingenieurgesellschaft mbH (signed and verified)

Product:

ALPHAPLAN 4

Description:

Disable intranet start of CVS files

Version:

4,5,0,1

MD5:

f6a241cdcf684355130e08bde4e5ca4a

SHA-1:

eb5132ecfcf24f20046053a53b9b305eaa9162b4

SHA-256:

9a5cbd811b0a3fb1ba4f71e7eeb654a874948f0520c6d55464c2b88ff49f6ff7

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/25/2024 9:22:43 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.12.1.4

File size:

43.8 KB (44,864 bytes)

Product version:

4.5.0.1

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\cvs ingenieurgesellschaft mbh\alphaplan 4.5 client\caspol\alphaplan4_5_zone_on.exe

Digital Signature

Signed by:

CVS Ingenieurgesellschaft mbH

Authority:

VeriSign, Inc.

Valid from:

6/6/2013 2:00:00 AM

Valid to:

9/6/2015 1:59:59 AM

Subject:

CN=CVS Ingenieurgesellschaft mbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CVS Ingenieurgesellschaft mbH, L=Bremen, S=Bremen, C=DE

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0F942ED2FF6C49B6B83277DBA7FE5D2D

File PE Metadata

Compilation timestamp:

7/30/2014 6:14:56 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.50

CTPH (ssdeep):

768:4bsCogv5ESs9BDykUWZ0+uD3jqE3ViCSOfoJ:cREBs+O3jqlOQJ

Entry address:

0x1000

Entry point:

68, D0, 00, 00, 00, 68, 00, 00, 00, 00, 68, 04, B0, 40, 00, E8, 7C, 21, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 75, 21, 00, 00, A3, 08, B0, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 62, 21, 00, 00, A3, 04, B0, 40, 00, E8, BC, 1F, 00, 00, E8, 07, 67, 00, 00, E8, 99, 5A, 00, 00, E8, CD, 52, 00, 00, E8, BB, 3C, 00, 00, E8, E3, 32, 00, 00, E8, 8E, 2F, 00, 00, E8, 19, 2B, 00, 00, E8, 6D, 28, 00, 00, 68, 07, 00, 00, 00, 68, 34, A2, 40, 00, 8D, 05, D0, B0, 40, 00, 50, 68, 08, 00... 
[+]

Packer / compiler:

PKLITE32, 0x1.1

Code size:

27.5 KB (28,160 bytes)

Remove alphaplan4_5_zone_on.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.