home

ef_startup_manager_5.60_64.exe

Emil Fickel

This is a self-extracting archive and installer. The file has been seen being downloaded from www.efsoftware.com.
Publisher:
EFSoftware  (signed by Emil Fickel)

Description:
EFSoftware Setup

Version:
4.10

MD5:
9fcb4556c6d3447a6a2028d347ef486a

SHA-1:
610be13b3cc6ebc47e01638e14ef35dbfcfe8484

SHA-256:
0fe8ebc3ccbfc19c4523298956afdf6464e6e00e264da31f8725346b299ee132

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 1:29:38 PM UTC  (today)

File size:
931.8 KB (954,192 bytes)

Product version:
4.10

Copyright:
Copyright © 1994-2013, Emil Fickel

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ef_startup_manager_5.60_64.exe

Digital Signature
Signed by:
Emil Fickel

Authority:
StartCom Ltd.

Valid from:
1/21/2013 5:45:53 AM

Valid to:
1/22/2015 10:26:12 AM

Subject:
E=info@efsoftware.com, CN=Emil Fickel, L=Wiesbaden, S=Hessen, C=DE, Description=dV9Dfq1BQ5R6OMgY

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0897

File PE Metadata
Compilation timestamp:
7/31/2013 5:55:27 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:maqbMKvRJYWVY5Rh3pF0NEpKyU+jqfNXs:2bMKv3YSYnhFRpja8

Entry address:
0x92E8

Entry point:
48, 83, EC, 28, E8, 3F, 35, 00, 00, 48, 83, C4, 28, E9, 12, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 48, 8D, 59, 1C, 48, 8B, E9, BE, 01, 01, 00, 00, 48, 8B, CB, 4C, 8B, C6, 33, D2, E8, B7, E9, FF, FF, 45, 33, DB, 48, 8D, 7D, 10, 41, 8D, 4B, 06, 41, 0F, B7, C3, 44, 89, 5D, 04, 44, 89, 5D, 08, 44, 89, 5D, 0C, 66, F3, AB, 48, 8D, 3D, 32, D3, 00, 00, 48, 2B, FD, 8A, 04, 1F, 88, 03, 48, FF, C3, 48, 83, EE, 01, 75, F2, 48, 8D, 8D, 1D, 01, 00, 00, BA, 00...
 
[+]

Entropy:
7.9351  (probably packed)

Code size:
62.5 KB (64,000 bytes)

The file ef_startup_manager_5.60_64.exe has been seen being distributed by the following URL.

http://www.efsoftware.com/.../w64.cgi?su

Scan ef_startup_manager_5.60_64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.