d105d38cc132beac791f3aebad738dda.exe

Windows Live Messenger 2009 Installer

上海美斯恩网络通讯技术有限公司

This is a self-extracting archive and installer. The file has been seen being downloaded from download.get.live.cn and multiple other hosts.

Publisher:
MSN China  (signed by 上海美斯恩网络通讯技术有限公司)

Product:
Windows Live Messenger 2009 安装程序

Description:
Install_WLMessenger

Version:
3,0,0,1115

MD5:
559ee994e1997ea2621b679ce77e676d

SHA-1:
919bf86d39e3099c411279ee0bf157799ad14fe5

SHA-256:
8a9b9341f3b839e23856b0fca20dd674a64643e84c8dd6f06c511dd5c7a1c1ae

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:47:27 AM UTC

File size:
5.5 MB (5,785,152 bytes)

Product version:
3,0,0,1115

Copyright:
Copyright (C) 2009

Original file name:
Install_WLMessenger.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\d105d38cc132beac791f3aebad738dda.exe

Digital Signature
Authority:
WoSign, Inc.

Valid from:
6/30/2009 8:00:00 AM

Valid to:
6/30/2012 7:59:59 AM

Subject:
CN=上海美斯恩网络通讯技术有限公司, OU=Class 3 - for Microsoft Authenticode Signing, O=上海美斯恩网络通讯技术有限公司, L=上海, S=上海, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
00ADE6E32460C1CD93C987A4725A4AF600

File PE Metadata
Compilation timestamp:
11/15/2011 12:35:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:YproxSTyI1IlNrZ23AbsK6Ro022JjL2WEiVqJZa/rJSvHfX:GsETPkJADmmxL2WEoCZa6

Entry address:
0x1782F

Entry point:
E8, 83, 88, 00, 00, E9, 17, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 74, 14, 43, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 74, 14, 43, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 44, 24, 04, A3, E4, 3A, 43, 00, C3, FF, 35, E4...
 

Entropy:
7.2792

Code size:
160 KB (163,840 bytes)

The file d105d38cc132beac791f3aebad738dda.exe has been seen being distributed by the following 2 URLs.

http://122.72.12.81:9090/data1/a/d/8d/.../d105d38cc132beac791f3aebad738dda.exe#ickey=1

Scan d105d38cc132beac791f3aebad738dda.exe - Powered by Reason Core Security