edraw-max-6-3-en-win.exe

Edraw Max

Edraw Limited

The program is a setup application built with the Inno Setup installer. The file has been seen downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
EdrawSoft   (signed by Edraw Limited)

Product:
Edraw Max

Description:
Edraw Max Setup

Version:
6.3.8

MD5:
c8556f926f730c3942d32636142dac8b

SHA-1:
4e51e6412ba02cae2601daf0d3a136c5470b8ed6

SHA-256:
cb111c4f53f97768fcf99bee338e8e46475fcfc4dcbe2209f9169b2a82cc2d34

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 7:48:24 PM UTC

File size:
34.7 MB (36,389,320 bytes)

Product version:
6.3.8

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\edraw-max-6-3-en-win.exe

Digital Signature
Signed by:

Authority:
WoSign, Inc.

Valid from:
4/12/2011 7:00:00 PM

Valid to:
4/12/2012 6:59:59 PM

Subject:
CN=Edraw Limited, OU=WoSign Class 3 Code Signing, O=Edraw Limited, L=hongkong, S=hongkong, C=HK

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
073D668C5D086F71EEE6B671DF0B06A1

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:N4XcfGOw5F9FpB6xhvgyHe7GipwH5+XK1RyqgCF5nyM2csI8rL:N4XJ5FH6xhvgKiOU61RjgCF5nyM2c14L

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
8.0000

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file edraw-max-6-3-en-win.exe has been seen being distributed by the following 2 URLs.

http://dw.uptodown.com/dwn/31I7WhMPCneLSvJvJrQyWT_01bWZNEfAFWDL69g3SmZkebWyKx-BN9sMTLzvdGBfjloJlYera5vEy_qFbKESQdcvL0T7RWG24f0MPtnCEkxsvM5ZMdKoJEcxwZnSw6c7/C0kf_S5Dw5xm2lTZZ7J1zZi8BeXAQlWjN7KBq2NmGpIId74olClAzQAdpSTR3gEcs0FfpV6-1kKSv7_-ZYQGmZkr7PDv0uPUzlU1C98jT1puQnjcGKiSTdZ_0ae2iwSk/pCMmEqm1bbUO90eM01ngN9rML4yp2Vv6vaF9sl6E8Zw73cxUH8u_WoOFA8S0oAyQh2aH_1qUMRvx6VhUKvP_p9MAmBXdxWgY29Oe0dZcbo8z_vwT7To_hE0PNWjj8vl4/.../

https://dw.uptodown.com/dwn/cWUDJFBb6o57Fj3bMVgX7s_t13EtVgMb7ER0SynZX4P-H0sOSqyqNtCld-OrAq1mK6MiyYzA9ClbxXUxkxERP7M_nrMwDMdC6Ts0jNQPrVkc9Vd7RQkJ3HTPAIuEGi2d/-Ew7KUIpmH6yuAkCF6x7baDhAMGzWW5qdQZ3PrUnbqOYDfvWGI1wwztLjCsSrVv1Nak9OcRTbGrnm4kr6BFEhdRRZPa8Ksz0X0EF4-R-p9SKWGjwBeK60qCFa1YpRBf9/_5zBsK0GxCkjRiAsodw7xHKHMSEV8yK51Zm7Ipr0L7Ccfxi3vplnKeUeClFFbF1msnXa_-ym2_5owInCPgWsleM7RnnnM1Rl3Dapu4sHbx4lQrBpCvGX8HQ8qcT7OznP/.../
