home

fastclient_i_r201163de.exe

FastViewer

FastViewer GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from meet.windsorhealthgroup.com.
Publisher:
Fastviewer.com  (signed by FastViewer GmbH)

Product:
FastViewer

Version:
3.20.0020

MD5:
7385570d180aae785dad60fde61b08c3

SHA-1:
24078f2a8767b9a29e77a99db0dc4e12bddeb9c8

SHA-256:
2d834c2d6454a314d7a88a760c89130b4f1f9d821af352cc2156d7e1ee1d2d08

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/26/2024 9:15:05 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

File size:
1.8 MB (1,932,376 bytes)

Product version:
3.20.0020

Copyright:
(c) FastViewer GmbH. All rights reserved.

Original file name:
FastViewer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fastclient_i_r201163de.exe

Digital Signature
Signed by:
FastViewer GmbH

Authority:
Thawte, Inc.

Valid from:
10/12/2011 8:00:00 PM

Valid to:
10/12/2013 7:59:59 PM

Subject:
CN=FastViewer GmbH, OU=Webcollaboration, O=FastViewer GmbH, L=Neumarkt in der OPf., S=Bavaria, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A4E77F26DA825553463D327F9D24496

File PE Metadata
Compilation timestamp:
12/21/2012 6:41:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:1GePtl9wlxgfVNDdVKtnQgkxLjfzl35qDt2PldBdcy:1GePtlal0XDy4xL7zl35GtolVcy

Entry address:
0x1000

Entry point:
B8, 8C, 2E, A7, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 4B, 13, F8, 6F, 24, 19, 6B, F5, 8E, D3, 82, 67, 96, A4, 5E, 2F, 9E, 0C, AB, 62, 04, 9C, B8, 5B, A6, CE, 01, 64, C0, 8E, 08, C2, 79, 3A, 2C, 7E, 87, 01, 09, 4F, F2, 44, 64, AD, 46, 6F, C2, 8B, DD, 4B, FE, D0, A9, FC, AD, FA, 32, AF, 9D, 12, 7C, 8B, 61, 37, 93, CE, F2, E4, 1E, EA, 30, F7, 69, 4C, 89, A9, 4B, E9, 60, 58, 05, 09, B8, 80, DF, B8, FD, 3A, 5B, 63, 8D, 83, 65...
 
[+]

Entropy:
7.9517

Packer / compiler:
PECompact v2

Code size:
3.3 MB (3,457,024 bytes)

The file fastclient_i_r201163de.exe has been seen being distributed by the following URL.

https://meet.windsorhealthgroup.com/.../fastclient_i_r201163de.exe

Scan fastclient_i_r201163de.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.