home

dealingoffice.trader.russia.exe.deploy

DealingOffice

JSC Kalita-Finance

Publisher:
Kalita-Finance  (signed by JSC Kalita-Finance)

Product:
DealingOffice

Description:
DealingOffice iTrader

Version:
8.2.10.0

MD5:
56ca0167946d4518d5941521488fd855

SHA-1:
641cbf10e068e4855e2e9bb1c7d1b083a52d79c5

SHA-256:
57dc14d2f01833c8ec47b0f067c7fc325707b402f57543a700d132192e578290

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 12:26:24 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

File size:
232.7 KB (238,320 bytes)

Product version:
8.2.10.0

Copyright:
Copyright © Kalita-Finance 2007-2014

Original file name:
DealingOffice.Trader.Russia.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\application files\dealingoffice.trader.russia_8_2_10_0\dealingoffice.trader.russia.exe.deploy

Digital Signature
Signed by:
JSC Kalita-Finance

Authority:
GlobalSign nv-sa

Valid from:
4/9/2014 7:47:40 AM

Valid to:
6/7/2015 9:16:45 AM

Subject:
CN=JSC Kalita-Finance, O=JSC Kalita-Finance, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E20A091E11A28AED1B77D37A7A848674

File PE Metadata
Compilation timestamp:
10/7/2014 5:15:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:eFVfzUQmClA3m/pkFqQjeh5/y0RSOFVfzUQmClA3m/pkFqQjeh5/y0RS17K4mCPk:eHfAR3mCehByPOHfAR3mCehByPQvK

Entry address:
0x288CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7355

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
154.5 KB (158,208 bytes)

Scan dealingoffice.trader.russia.exe.deploy - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.