» expresstalk302.exe
Overview
Analysis
File Details

expresstalk302.exe

NCH Swift Sound

File name:

expresstalk302.exe

Publisher:

NCH Swift Sound (signed and verified)

MD5:

1da9b2ab10066b23602571c0c722f642

SHA-1:

c55cef52fdfe8e80e04bc76d8f0da08c3c80b6aa

SHA-256:

b231f82b4e2b2a61904658bfc6008e6889d814c3e950e902c061804da9dea01b

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 8:58:33 AM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Dropper.Win32.Fednu.ae!1075335751

23.00.65.151120

File size:

385.7 KB (394,920 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\administrador de redes cisco\administrador de redes cisco\03- administrador de redes\software\voip\expresstalk302\expresstalk302.exe

Digital Signature

Signed by:

NCH Swift Sound

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

8/10/2006 9:00:00 PM

Valid to:

8/24/2008 8:59:59 PM

Subject:

CN=NCH Swift Sound, OU=SECURE APPLICATION DEVELOPMENT, O=NCH Swift Sound, L=Canberra, S=ACT, C=AU

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

15CE045B1088572C5821736F2D3BAC45

File PE Metadata

Compilation timestamp:

11/8/2007 8:05:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:CtFa2+Df0efXFDaUlPB1XJOQ7MvapjC9jqMaN5tB6jdBkyHUUACw0a6EhARQA9M4:Ce/FDzlPB1ZOQ8aC9gN1412O7Q8MF

Entry address:

0x20E8

Entry point:

55, 8B, EC, 81, EC, 68, 05, 00, 00, 53, 56, 57, 8D, 85, 9C, FB, FF, FF, 50, 68, 04, 01, 00, 00, FF, 15, 34, 10, 40, 00, 6A, 00, FF, 15, 08, 10, 40, 00, 6A, 63, 8B, F0, 6A, 63, 56, FF, 15, 1C, 10, 40, 00, 8B, F8, 57, 56, FF, 15, 14, 10, 40, 00, 57, 56, 89, 45, F8, FF, 15, 00, 10, 40, 00, 50, FF, 15, 30, 10, 40, 00, 83, 65, FC, 00, 8B, 35, 10, 10, 40, 00, 89, 45, F4, BB, 80, 00, 00, 00, FF, 45, FC, FF, 75, FC, 8D, 85, A8, FE, FF, FF, 68, 70, 10, 40, 00, 50, FF, 15, 50, 10, 40, 00, 83, C4, 0C, 8D, 85, A8, FE... 
[+]

Developed / compiled with:

Microsoft Visual C++

Scan expresstalk302.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.