home

ext2ifs_1_11a.exe

Ext2 IFS for Windows

Stephan Schreiber

This is a setup and installation application. The file has been seen being downloaded from www.cdrinfo.pl and multiple other hosts.
Publisher:
Stephan Schreiber  (signed and verified)

Product:
Ext2 IFS for Windows

Description:
Ext2 IFS Self Extracting Installer

Version:
1.11a

MD5:
a16c60a79b2e735dbdbb0dcb115aba99

SHA-1:
2eb096d77dfa53a47e4acfa92f0c180619b0587a

SHA-256:
bfd114ab6dbbdf475c8e0e884a4e264513262c24ef5149c844f319687de1aec6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:57:20 PM UTC  (today)

File size:
1.4 MB (1,464,768 bytes)

Product version:
1.11a

Copyright:
All rights reserved.

Original file name:
IFS_Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ext2ifs_1_11a.exe

Digital Signature
Signed by:
Stephan Schreiber

Authority:
GlobalSign nv-sa

Valid from:
11/13/2007 10:52:17 AM

Valid to:
11/13/2008 10:52:17 AM

Subject:
E=info@fs-driver.org, CN=Stephan Schreiber, C=DE

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011639B6033B

File PE Metadata
Compilation timestamp:
9/25/2008 11:41:57 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:rFfIkVl7KEQn+fEXYdpkzD862xyCrD4C/0dZohyNx1CAFBGNy:Rf7VJQ+QYIzD8zbD0dZ7NjYY

Entry address:
0x1892

Entry point:
8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, 57, 6A, 0A, 33, DB, 6A, 66, 53, 89, 5D, FC, FF, 15, 10, 10, 00, 01, 8B, F0, 3B, F3, 74, 2F, 56, 53, FF, 15, 0C, 10, 00, 01, 8B, F8, 3B, FB, 74, 21, 56, 53, FF, 15, 08, 10, 00, 01, 3B, C3, 74, 15, 50, FF, 15, 04, 10, 00, 01, 8B, F0, 3B, F3, 75, 1D, 6A, 08, FF, 15, 00, 10, 00, 01, E8, 78, FD, FF, FF, C7, 45, FC, 01, 00, 00, 00, FF, 75, FC, FF, 15, 90, 10, 00, 01, 8D, 45, F0, 50, 8D, 45, F4, 50, 8D, 45, F8, 50, E8, A3, FD, FF, FF, 85, C0, 74, D6, 57, 56, FF, 75, F4, E8...
 
[+]

Entropy:
7.9968  (probably packed)

Code size:
4 KB (4,096 bytes)

The file ext2ifs_1_11a.exe has been seen being distributed by the following 5 URLs.

http://www.cdrinfo.pl/.../Ext2IFS_1_11a.exe&id=9600124420&baza=soft

http://gsf-cf.softonic.com/2eb/096/.../file?SD_used=0&channel=WEB&fdh=no&id_file=44436&instance=softonic_es&type=PROGRAM&Expires=1440645568&Signature=Vi5pm3~cm8mL1sBVXoa9p6ECtFSu3FXlmPbwmp2tRgzwYIM2tA9q4Jnacntv3nsVqCl0KRtM2beYjeZFzCYjztY~yg-GxZypv~Ce5PR4jhyaom2KgKrihRlqRRUrsK3flYauPbIihyZjo9wivwswyqNnxs--j8cqCEXMEVrkNz8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Ext2IFS_1_11a.exe

http://gsf-cf.softonic.com/2eb/096/.../file?SD_used=0&channel=WEB&fdh=no&id_file=44436&instance=softonic_en&type=PROGRAM&Expires=1455059950&Signature=a3YjlhKOCBOhoNvU4nKhN6BKr3B7FAzFrnE9c9PxlCaNbKSHaR--zFtaDVTZefeObHVb3qPVCpXiY7mtk2lGXjaMU8eH-94AYHEtv3ozzy1qO6nOqv0nDsHgNgIgy43BiE-wiRvEpN8a70auJ4ZcbRa~dqEVPrFZFEgDHj7WGvg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Ext2IFS_1_11a.exe

http://download.quennec.fr/.../download

http://www.fs-driver.org/.../Ext2IFS_1_11a.exe

Scan ext2ifs_1_11a.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.