» facelift.exe
Overview
Analysis
File Details

facelift.exe

PackageForTheWeb Stub

Electronic Arts, Inc.

The program is a setup application that uses the InstallShield Setup installer.

File name:

facelift.exe

Publisher:

InstallShield Software Corporation (signed by Electronic Arts, Inc.)

Product:

PackageForTheWeb Stub

Version:

2.01.005

MD5:

20d3d25cece8c7762466b92e074de19b

SHA-1:

93fbd4e3cd7cb30b1c069d990ac78802c07cc91e

SHA-256:

047e58b1abba200f1a5a8365577ff698e6230d1bfa0e0f58dbe10fef054e7910

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/28/2024 7:25:28 PM UTC (today)

File size:

5.6 MB (5,906,864 bytes)

Product version:

2.01.005

Original file name:

STUB32.EXE

File type:

Executable application (Win32 EXE)

Installer:

InstallShield Setup

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\facelift.exe

Digital Signature

Signed by:

Electronic Arts, Inc.

Authority:

VeriSign, Inc.

Valid from:

8/10/1999 3:00:00 AM

Valid to:

8/10/2000 2:59:59 AM

Subject:

OU=Electronic Arts Online, CN="Electronic Arts, Inc.", L=Redwood City, S=California, C=US, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Issuer:

OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Serial number:

68429C287868A6B9559DC72E53FFC46C

File PE Metadata

Compilation timestamp:

2/3/1998 8:05:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.2

CTPH (ssdeep):

98304:Di5A037UFeK8ec8g4BU7zM3jlBt9950ZPT7RnklqtL27zqw+UVpbB4Me:DiF37aeKDBUPMzllD0Z9S9+cpBRe

Entry address:

0x8A80

Entry point:

55, 8B, EC, 6A, FF, 68, 00, C0, 40, 00, 68, 38, A6, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, C4, A8, 53, 56, 57, 89, 65, E8, FF, 15, 08, 24, 41, 00, 33, D2, 8A, D4, 89, 15, 68, FB, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 64, FB, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 60, FB, 40, 00, C1, E8, 10, A3, 5C, FB, 40, 00, E8, C4, 01, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, 69, 01, 00, 00, 83, C4, 04, C7, 45, FC, 00, 00, 00, 00, E8, 4A, 18, 00, 00, E8, 35, 18, 00, 00, FF, 15, 0C, 24, 41... 
[+]

Entropy:

7.9951

Developed / compiled with:

Microsoft Visual C++

Code size:

40.5 KB (41,472 bytes)

Scan facelift.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.