home

decrypt_dmalocker2.exe

Emsisoft Decrypter for DMALocker2

Emsisoft Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from decrypter.emsisoft.com.
Publisher:
Emsisoft Ltd  (signed and verified)

Product:
Emsisoft Decrypter for DMALocker2

Version:
1.0.0.187

MD5:
94aec9952eacd34fd1c1505bde91d02c

SHA-1:
43555b80ecbfbb04d54b51cb5b190361133a3996

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/28/2024 2:35:47 PM UTC  (today)

File size:
3.1 MB (3,224,480 bytes)

Product version:
1.0.0.0

Copyright:
(C) 2016 Emsisoft Ltd

Original file name:
decrypt_dmalocker2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\gregpol\moje dokumenty\pobrane\decrypt_dmalocker2.exe

Digital Signature
Signed by:
Emsisoft Ltd

Authority:
DigiCert Inc

Valid from:
4/28/2015 2:00:00 AM

Valid to:
5/2/2018 2:00:00 PM

Subject:
CN=Emsisoft Ltd, O=Emsisoft Ltd, L=Nelson, C=NZ

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
03ECEFF46E099F9778C617290FEC2492

File PE Metadata
Compilation timestamp:
2/18/2016 2:39:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:BK+prfi7vJ8xvL7YMmGm1rbZLSXmgrk+z84c:Y+paB8aGJXXZ84c

Entry address:
0x891000

Entry point:
EB, 08, 0F, 1C, 30, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, 0E, 1B, 00, 00, 01, 00, 30, 82, 1B, 0A, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1A, FB, 30, 82, 1A, F7, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 20, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 11, 04, 82, 0F, 0D, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 04, 00, 00, 00, 00, 00, 26, 00, 00, 00, 01, 00, CD, 82, C5, D9, 0A, 0C, 52, 2B, 0A, 60, F5, 62, 6C, 8B, 4B, 40, F6...
 
[+]

Code size:
2.2 MB (2,257,920 bytes)

The file decrypt_dmalocker2.exe has been seen being distributed by the following URL.

https://decrypter.emsisoft.com/.../dmalocker2

Scan decrypt_dmalocker2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.