» db02326c-9338-934f-aece-310437fa95ea_1d1bebc90922938
Overview
Analysis
File Details
Downloads (1)

db02326c-9338-934f-aece-310437fa95ea_1d1bebc90922938

Windows Update Merged Standalone Setup

Microsoft Corporation

File name:

Publisher:

Microsoft Corporation

Product:

Microsoft® Windows® Operating System

Description:

Windows Update Merged Standalone Setup

Version:

6.3.0021.0 (winblue_gdr_dev.140306-1815)

MD5:

28a355d91c7d9798e065a6eeb9c81b4f

SHA-1:

b08a9a8a6cf4a3fabfa538b4389ff350e8c75cae

SHA-256:

a71d690b361ad653a28b9bd62e8e040db84e4a43ce8878425482e8c011fd30c0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 6:14:08 AM UTC (today)

File size:

5.4 MB (5,675,450 bytes)

Product version:

6.3.0021.0

Original file name:

mergedwusetup.exe

Language:

English (United States)

Common path:

C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\db02326c-9338-934f-aece-310437fa95ea_1d1bebc90922938

File PE Metadata

Compilation timestamp:

3/7/2014 2:42:40 AM

OS version:

6.3

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:CAxsDKRJTq8b3qKKmotx+PUxbALxkfzqOt:auJnoi8aLxKRt

Entry address:

0x5338

Entry point:

48, 83, EC, 28, E8, E3, 09, 00, 00, 48, 83, C4, 28, E9, 3A, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 99, 2C, 00, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 42, 00, 00, 00, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 33, C9, FF, 15, E3, 5E, 01, 00, 48, 8B, CB, FF, 15, E2, 5E, 01, 00, FF, 15, 2C, 5D, 01, 00, BA, 09, 04, 00, C0, 48, 8B, C8, 48, 83, C4, 20, 5B, 48, FF, 25, C0, 5D, 01, 00... 
[+]

Entropy:

7.9984 (probably packed)

Code size:

25 KB (25,600 bytes)

The file db02326c-9338-934f-aece-310437fa95ea_1d1bebc90922938 has been seen being distributed by the following URL.

http://download.windowsupdate.com/windowsupdate/redist/standalone/.../WindowsUpdateAgent-7.6-x64.exe

Scan db02326c-9338-934f-aece-310437fa95ea_1d1bebc90922938 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.