cajviewer7.2.self.exe

Microsoft Windows Operating System

Tongfang Knowledge Network Technology (Beijing) Co.,Ltd.

Although the file properties state the file is developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable cajviewer7.2.self.exe ("Win32 Cabinet Self-Extractor") has been detected as malware by 3 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from soft.duote.org.
Publisher:
Microsoft Corporation (signed by Tongfang Knowledge Network Technology (Beijing) Co.,Ltd.)

Product:
Microsoft(R) Windows(R) Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
008271dc7235e897fda6bc2ec2dbea93

SHA-1:
fe18ef6bb7f6bce37136dec0d044167ffb4f8842

SHA-256:
e22a09316fad55bf75e604c86621cf22ea2defdd8d7565f282c1915cc5d4a174

Scanner detections:
3 / 68

Status:
Malware

Explanation:
cajviewer7.2.self.exe is infected by a worm that might download, install and run additional malware and may spread to other executable files.

Analysis date:
4/25/2024 10:33:20 AM UTC

Scan engine       Detection                     Engine version
Dr.Web            DLOADER.Trojan                9.0.1.0285
F-Prot            W32/S-c0a2b2fd                v6.4.7.1.166
NANO AntiVirus    Trojan.Win32.Ramnit.dhabgs    0.30.26.3725

File size:
37.3 MB (39,083,448 bytes)

Product version:
6.00.2900.5512

Copyright:
(C) Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\cajviewer7.2.self.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/8/2011 7:00:00 PM

Valid to:
9/8/2013 6:59:59 PM

Subject:
CN="Tongfang Knowledge Network Technology (Beijing) Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Tongfang Knowledge Network Technology (Beijing) Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
40A9BABF226ECFED06EBE4C770CD1A8A

File PE Metadata
Compilation timestamp:
4/13/2008 1:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
786432:cnUN/saUG4Ov0COWnRl8iv0j7u7mG9EUrJ5sgKXniaALmTKRmi:cnUNEa/V00nSg9EUrJ5sggniaAKTKRT

Entry address:
0x645C

Entry point:
E8, 0A, 00, 00, 00, E9, 7A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, D0, B2, 00, 01, 85, C0, 74, 07, 3D, 40, BB, 00, 00, 75, 4D, 56, 8D, 45, F8, 50, FF, 15, 70, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 6C, 11, 00, 01, 33, F0, FF, 15, 68, 11, 00, 01, 33, F0, FF, 15, 64, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 60, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, C6, 25, FF, FF, 00, 00, 5E, 75, 05, B8, 40, BB, 00, 00, A3, D0, B2, 00, 01, F7, D0, A3, CC, B2, 00, 01, C9, C3, CC, CC, CC...

Entropy:
7.9997

Developed / compiled with:
Microsoft CAB SFX

Code size:
38.5 KB (39,424 bytes)

The file cajviewer7.2.self.exe has been seen being distributed from the following URL.

http://soft.duote.org/cajviewer.exe

Remove cajviewer7.2.self.exe - Powered by Reason Core Security