dj+sbu+ft.+zahara+lengoma_10924_i90432149_il345.exe

WinAce

KASHTAN OOO

The executable dj+sbu+ft.+zahara+lengoma_10924_i90432149_il345.exe (description: “http://www.winace.com”) has been detected as malware by 1 anti-virus scanner.
Publisher:
e-merge GmbH  (signed by KASHTAN OOO)

Product:
WinAce

Description:
http://www.winace.com

Version:
2.69.0.0

MD5:
cf128a2a0a96a5f4650ed14578ad7691

SHA-1:
7eb4067c032412d101794fc85612e34f43c2a4d3

SHA-256:
6e3328eb37dcaf37dd99cb27631ae3993ce94eeed882458eb8af5286dab02962

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/15/2024 4:53:56 AM UTC  (today)

Scan engine | Detection | Engine version
Reason Heuristics | PUP (M) | 17.3.15.2

File size:
3.4 MB (3,542,416 bytes)

Product version:
02.69.00.00

Copyright:
1997-2007 ACE Compression Software & e-merge GmbH

Trademarks:
1997-2007 ACE Compression Software & e-merge GmbH

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\programs\dj+sbu+ft.+zahara+lengoma_10924_i90432149_il345.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/5/2015 2:00:00 AM

Valid to:
5/22/2016 1:59:59 AM

Subject:
CN=KASHTAN OOO, O=KASHTAN OOO, L=Naberezhnye Chelny, S=Tatarstan republic, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
468BE39F7FCABE2D4D2D070862DD916B

File PE Metadata
Compilation timestamp:
11/26/2015 8:02:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x338C30

Entry point:
68, C0, E1, 5E, 51, E8, 83, FD, FE, FF, 5D, 4C, 26, E9, 54, 44, 34, D5, 29, F8, 74, 50, 19, 51, 50, E9, A2, 14, 01, 00, 56, 46, 33, C0, 77, 49, 23, CB, 2D, C8, 6C, 62, 7C, 69, 22, 14, 80, EC, 67, 89, 5D, B4, 89, 7D, F4, 8A, 1C, 11, E9, 26, 72, 00, 00, 1B, C9, 83, E1, FE, 83, C1, 0B, E9, AC, 2B, 01, 00, 46, 77, 14, DE, 7D, 43, 32, EA, 2D, F9, 7E, 70, 7E, 42, 14, 79, 40, 53, F5, F2, B5, 31, BA, F5, B2, FE, FB, C6, F5, 32, 0F, AE, D0, F5, D2, DF, D5, 25, 0A, 4D, 5D, A2, 32, 0A, 2D, 57, 4F, 0A, 0A, 8D, EA, C2...
 

Code size:
2.9 MB (3,048,960 bytes)