home

Emoterror_LATAM.exe

msnDelivery

Microsoft

This is a setup program which is used to install the application. The file has been seen being downloaded from www.feriademoticones.com.
Publisher:
Microsoft  (signed and verified)

Product:
msnDelivery

Version:
1.0.3981.34177

MD5:
8a8cc00f7a60d0270231bdc73055c6f7

SHA-1:
43aa7ba756d5717040c012ba86cdb5a453dd6a13

SHA-256:
ae68a4aaf301aebd4d0d96c22e2fee436ace712a3c021a5c36f399d11cd29387

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:45:44 AM UTC  (today)

File size:
491.8 KB (503,640 bytes)

Product version:
1.0.3981.34177

Copyright:
Copyright 2009

Original file name:
Emoterror_LATAM.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\emoterror_latam.exe

Digital Signature
Signed by:
Microsoft

Authority:
GlobalSign nv-sa

Valid from:
1/19/2010 2:36:59 PM

Valid to:
1/19/2011 2:36:59 PM

Subject:
CN=MSN Messenger Client - Microsoft, OU=Microsoft, O=Microsoft, L=Capital Federal, S=Capital Federal, C=AR

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001264834E0A6

File PE Metadata
Compilation timestamp:
11/25/2010 4:59:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:FsIkXW4GhQtcLg73NY1VeC+d921MZPa+x7S1AMND:ClGwWgJWVeC+d921MZPaiS1AMd

Entry address:
0x7698E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
468 KB (479,232 bytes)

The file Emoterror_LATAM.exe has been seen being distributed by the following URL.

http://www.feriademoticones.com/Descarga/.../Emoterror_LATAM.exe

Scan Emoterror_LATAM.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.