av.exe

USBVirusScan

Didier Stevens

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key, under the name ‘AV_CyberSpot’.

Publisher:
Didier Stevens (https://DidierStevens.com) (signed by Didier Stevens)

Product:
USBVirusScan

Description:
Utility to start your AV (or any other program) when a USB drive is inserted. Use at your own risk.

Version:
1.7.5.0

MD5:
0eb892aa49cce2aca0babc4d7bb26e98

SHA-1:
869df02a210f53b9136f45ab69ca37eee739fefe

SHA-256:
fe0145d87614afb6edcb28d13ad861596b807e20b371a9cf4a808b5e6c47832a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
6/1/2024 4:45:01 PM UTC

File size:
67 KB (68,632 bytes)

Product version:
1.7.5.0

Copyright:
Public domain

Original file name:
USBVirusScan.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cyberspot\av.exe

Digital Signature

Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/24/2011 11:46:09 AM

Valid to:
10/24/2012 11:46:09 AM

Subject:
CN=Didier Stevens, C=BE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192293FEEEB24FAF6553F2DBF6EBCC8CD

File PE Metadata

Compilation timestamp:
8/28/2012 1:29:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
1536:6JRIEe+QqzhU7BYwGLRb2x15gzv2X5GMGl9C4hZy:6Ja6QqzkLxPgzeWIOZy

Entry address:
0x1000

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 1C, B1, 40, 00, A1, 0F, B1, 40, 00, C1, E0, 02, A3, 13, B1, 40, 00, 52, 6A, 00, E8, B1, 98, 00, 00, 8B, D0, E8, 7E, 20, 00, 00, 5A, E8, 14, 14, 00, 00, E8, 77, 20, 00, 00, 6A, 00, E8, D8, 2C, 00, 00, 59, 68, B8, B0, 40, 00, 6A, 00, E8, 8B, 98, 00, 00, A3, 17, B1, 40, 00, 6A, 00, E9, 6F, 7A, 00, 00, E9, 06, 2D, 00, 00, 33, C0, A0, 01, B1, 40, 00, C3, A1, 17, B1, 40, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, 9C, 00, 00, 00, 0B, C9...

Entropy:
6.4948

Code size:
39 KB (39,936 bytes)

Startup File (All Users Run)

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AV_CyberSpot

Command:
C:\Program Files\cyberspot\av.exe -i -c C:\Program Files\cyberspot\ex.exe

