» Firmas.exe
Overview
Analysis
File Details
Behaviors (1)

Firmas.exe

Balcão de Firmas

Droid Informatica

It runs as a scheduled task under the Windows Task Scheduler.

File name:

Firmas.exe

Publisher:

Droid Sistemas (signed by Droid Informatica)

Product:

Balcão de Firmas

Description:

Controle de Balcão de Firmas - Cartório de Notas

Version:

5.5.7.137

MD5:

d05a96cf1c7c2bcb6c8604bb167e2886

SHA-1:

868ef8f64b566d90220324ab3f65b9b40a382a04

SHA-256:

84baa1a49b02b9c1ed665725b61c86bc9270511174762d4c01cf3bb491c9f297

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

7/6/2025 4:19:59 PM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/D_Bancos!Generic

4.6.5.141

File size:

1.8 MB (1,907,760 bytes)

Product version:

11/10/2016

Trademarks:

Original file name:

Firmas.exe

File type:

Executable application (Win32 EXE)

Language:

Brazilian Portuguese

Digital Signature

Signed by:

Droid Informatica

Authority:

GlobalSign nv-sa

Valid from:

9/20/2013 1:53:32 PM

Valid to:

12/13/2016 5:50:04 PM

Subject:

CN=Droid Informatica, O=Droid Informatica, C=BR

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217DA3871D2E98266BB84BE6F993B8F536

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:1tF8e5VMsJwGKeX8sjCQeCVC1eP1zJgzsLJp7/BE82M7:fF8e5VMmfRX8Qoq2k4sLr7/BE8h

Entry address:

0x50F4C0

Entry point:

60, BE, 00, 80, 74, 00, 8D, BE, 00, 90, CB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

1.8 MB (1,867,776 bytes)

Scheduled Task

Task name:

{322751FA-4860-4085-AD74-B4D3669DECA6}

Trigger:

Registration (Runs on registration)

Scan Firmas.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.