» chinese+wordstar+software_10924_i84503222_il345.exe
Overview
Analysis
File Details

chinese+wordstar+software_10924_i84503222_il345.exe

FlashGet

KASHTAN OOO

The executable chinese+wordstar+software_10924_i84503222_il345.exe has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software.

File name:

Publisher:

Trend Media Corporation Limited. (signed by KASHTAN OOO)

Product:

FlashGet

Description:

FlashGet Setup

Version:

3.7.0.1203

MD5:

92471fb7fc3ab38f19fb736aba3d474a

SHA-1:

da787814dfa77a021ffcf83232f344897b120ce7

SHA-256:

2dac1937c1d1cf86526e138f1f9075607637bf7b15af6b3566940367deb4214f

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

5/15/2024 12:32:38 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.15.13

File size:

3.8 MB (4,017,368 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\chinese+wordstar+software_10924_i84503222_il345.exe

Digital Signature

Signed by:

KASHTAN OOO

Authority:

Thawte, Inc.

Valid from:

7/5/2015 8:00:00 AM

Valid to:

5/22/2016 7:59:59 AM

Subject:

CN=KASHTAN OOO, O=KASHTAN OOO, L=Naberezhnye Chelny, S=Tatarstan republic, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

468BE39F7FCABE2D4D2D070862DD916B

File PE Metadata

Compilation timestamp:

11/14/2015 2:02:47 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x3B33C3

Entry point:

68, B9, 7D, A3, EC, E8, EA, 9E, FE, FF, 2B, D1, 2B, F1, E9, DD, 26, 01, 00, 00, 00, 47, 65, 74, 45, 6E, 76, 69, 72, 6F, 6E, 6D, 65, 6E, 74, 53, 74, 72, 69, 6E, 67, 73, 57, 00, 13, CC, 8C, FA, DC, 1A, 92, EB, A4, E6, B2, FF, CC, BF, 11, CE, F6, 54, 06, 86, AC, 33, F3, 33, 92, B6, 42, 73, 49, 02, 39, 9C, 3C, 51, 38, F8, 4A, 5B, 52, 96, 99, F1, 5C, 7F, BD, 6C, EA, 7C, C6, 3A, 71, 2A, AB, 83, 99, D1, AF, 74, 5A, 3B, E7, ED, 4C, 9E, D5, 22, 9E, 9C, 57, D4, 54, BE, F7, EE, DC, 81, 5D, 6C, DA, 6B, DD, 0F, 87, 04... 
[+]

Entropy:

7.4898

Code size:

3.4 MB (3,550,720 bytes)

Remove chinese+wordstar+software_10924_i84503222_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.