home

cyberlink.1129b_gm3_patch_vde111213-07.exe

CyberLink

This is a setup program which is used to install the application. The file has been seen being downloaded from update.cyberlink.com and multiple other hosts.
Publisher:
CyberLink  (signed and verified)

MD5:
51a572ded40375c1978d255fb96f2f03

SHA-1:
ef10e96c10dce022cb55fd604a1a617463f1886c

SHA-256:
5448c964f79f8925bc88c7edfff58dc0598e6acd25f7aef5dd1433cf7e27c128

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 1:59:34 PM UTC  (today)

File size:
107.3 MB (112,558,168 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cyberlink.1129b_gm3_patch_vde111213-07.exe

Digital Signature
Signed by:
CyberLink

Authority:
VeriSign, Inc.

Valid from:
2/17/2009 12:00:00 AM

Valid to:
4/13/2012 12:59:59 AM

Subject:
CN=CyberLink, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CyberLink, L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37D3740FB04DB7FA54DFDF358BEF6D5F

File PE Metadata
Compilation timestamp:
5/22/2007 5:59:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
3145728:5/4jpsX4/h7qW7CVP7Kbr+fzbTGRv1CoqvnwyO22+SrK6V1:NOKXEhsVP7LaRYoqvwAgrK6P

Entry address:
0x1000

Entry point:
E8, 2F, 2B, 00, 00, 50, E8, 3F, 31, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E1, 50, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, 52, 47, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, 9E, 33, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, A4, 69, 41, 00, 6A, 65, 56, E8, E4, 32, 01, 00, 6A, 01, 56, E8, BE, 32, 01, 00...
 
[+]

Entropy:
7.9996  (probably packed)

Code size:
80 KB (81,920 bytes)

The file cyberlink.1129b_gm3_patch_vde111213-07.exe has been seen being distributed by the following 3 URLs.

http://update.cyberlink.com/ftpdload/patch/PowerDirector/.../CyberLink.1129b_GM3_Patch_VDE111213-07.exe

http://download.cyberlink.com/ftpdload/patch/PowerDirector/.../CyberLink.1129b_GM3_Patch_VDE111213-07.exe

https://membership.cyberlink.com/prog/support/.../download.do

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.