d8246eb7-17c1-4476-a972-aed8f57ff1ec.exe

KODAK Create@Home Software (für dm)

Eastman Kodak Company

This is a self-extracting archive and installer. The file has been seen being downloaded from t.qservz.com and multiple other hosts.

Publisher:
Eastman Kodak Company  (signed and verified)

Product:
KODAK Create@Home Software (für dm)

Description:
This installer database contains the logic and data required to install KODAK Create@Home Software (für dm).

Version:
7.8.1392

MD5:
68a026a07960593bef9dcbb22054cf6f

SHA-1:
674c2a1342bc418237ea19fce13d70734e57de32

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/28/2024 5:23:44 PM UTC

File size:
97.5 MB (102,239,928 bytes)

Product version:
7.8.1392

Copyright:
Copyright (C) Eastman Kodak Company

Original file name:
MyPhotoCreationInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\d8246eb7-17c1-4476-a972-aed8f57ff1ec.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/23/2012 1:00:00 AM

Valid to:
1/23/2015 12:59:59 AM

Subject:
CN=Eastman Kodak Company, OU=NexPress, OU=Digital ID Class 3 - Java Object Signing, O=Eastman Kodak Company, L=Rochester, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
14100B5B5F8405B75D20111D4E87D2A7

File PE Metadata
Compilation timestamp:
5/23/2012 12:21:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3145728:IMntOFaOLVwcD5eYDvM7hOze+fIXjuH38AM:/gsOLVl5eYDv6+UuFM

Entry address:
0x2E05E

Entry point:
E8, 90, 91, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, FF, 75, 10, 8D, 4D, F0, E8, 8A, FA, FF, FF, 33, DB, 39, 5D, 08, 75, 2E, E8, 3E, 2B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, C6, 2A, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C7, 00, 00, 00, 56, 8B, 75, 0C, 3B, F3, 75, 2E, E8, 08, 2B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 90, 2A, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8...
 
Code size:
253 KB (259,072 bytes)

The file d8246eb7-17c1-4476-a972-aed8f57ff1ec.exe has been seen being distributed by the following 5 URLs.

https://t.qservz.com/tr.aspx?campaign=5c645cc19a53ac1dfb155840d886050c&type=pps&retmode=3&orderid=&level=sale&redirect_url=http://.../tcr.php?cl=8333134323236323131303&v=&vz=sale_1&vv=&po=&c1=&c2=&c3=&c4=&pi=&redirect=http://create.kodak.com/asset-s/01/e/ed/edb/edb1d315-a10d-4988-adef-ebe072a401fa.exe

http://www.create.kodak.com/asset-s/01/d/d8/.../d8246eb7-17c1-4476-a972-aed8f57ff1ec.exe
