BOOTICE.EXE

BOOTICE

www.ipauly.com

This is a setup program used to install the application. The file has been observed being downloaded from bootice.narod.ru and multiple other hosts.

Publisher:
www.ipauly.com

Product:
BOOTICE

Description:
Boot sector maintenance tool (引导扇区维护工具)

Version:
2013.03.03

MD5:
ea8c7149d633d47ea1c4d98c447d5411

SHA-1:
ef9780dc5c5fcc60dfe16e46e10eea35deaa62bd

SHA-256:
d724aa9ae0a78c895bae8d394e0ce0091311be517842e9faec3ae42e924794ef

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 10:49:31 AM UTC

File size:
321.5 KB (329,216 bytes)

Product version:
1.0.4.0

Copyright:
Pauly

Trademarks:
BOOTICE

Original file name:
BOOTICE.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\bootice.exe

File PE Metadata

Compilation timestamp:
3/3/2013 3:27:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:KY5Dq6nD1+wwY6N00qAgtKwXhtdlGNfBTjA/my6Z4owQ8I0JSjfrCYlWh1zk9eBT:K2DlLb6N0Sg9htMf+sD0JS/TlWH1BN/Z

Entry address:
0xD43C0

Entry point:
60, BE, 00, C0, 48, 00, 8D, BE, 00, 50, F7, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 4B, 23, 0D, 00, 57, 83, C3, 04, 53, 68, BB, 83, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
292 KB (299,008 bytes)

The file BOOTICE.EXE has been observed being distributed by the following 4 URLs.
