» grafeq_setup.exe
Overview
Analysis
File Details
Downloads (5)

grafeq_setup.exe

GrafEq 2.13

Pedagoguery Software Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.peda.com and multiple other hosts.

File name:

grafeq_setup.exe

Publisher:

Pedagoguery Software Inc.

Product:

GrafEq 2.13

Description:

GrafEq 2.13 Setup

Version:

2.13

MD5:

e6127bade3241fc5a18f0821ae4f5ba6

SHA-1:

6f036ffbccedc30701fa84fbaa23cedaf033f081

SHA-256:

27a133cb3189ee98546e51335c345875a9d71cd1f05f65f79697af588a23e62c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 3:47:30 AM UTC (today)

File size:

1.4 MB (1,433,808 bytes)

Product version:

2.13

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\grafeq_setup.exe

File PE Metadata

Compilation timestamp:

12/6/2009 6:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:SIGEzBwVwq7nPcmyeceE9t30IgMNosPTQFgBMq6UNTONaXQ3tn:SI3zGVJDcm3cZ35gKos8FgBMY5ONptn

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9807

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file grafeq_setup.exe has been seen being distributed by the following 5 URLs.

http://www.peda.com/.../grafeq_setup.exe

http://www.safetagheart.com/977 CdFmq5hHU3LOY ymzHaD_XmgAdJEcQNPGc28 C6kbrqvVYJIWdMdGvGAi4wItGpW4KD5s5lig2glzKh3R3aNP3OwJm1xLoRI6CCO42VjXzm20__Ip5HO3Qgh7m4tndOfrWUUsbQHeX1VqqN0nyffCdF7E5L7qocD_O3YiPKJBNIrAD8PydTZ5rnJE2rx7Bwi1kUFCM1GdFvtz csyYudHphANgcYAvZx_0fuXQflO _E9LqfUnTOY4Dg4WXs1G3yyQsH_vWI5qHeC9Oq8uIJqDY8yWulrh_cdsDX6T0oMkAZtBwE4Weh74ZrWAmeMPtKJUP6UEREI7BKf0L1hk1icv4EqODYrvB_fjnlz50phP df7qlm_PTqbIqKPzQn6r7yD2GqlBP5Qp8nq9f_AAjDSrLviLK9yA0PLHeQupb_jO3_lYj_dyuc0fyxf_s_QKgJp4KDehASELnWqowoGIyNQEb3mwNriVaSu20 kt5JLcBvhz TgM9uIBeM5IOMEPjcJO9-GyIAAARqbrFBpxXH5mF9FTdzlVgUKmlLtcJdTMys7DpZ7HHpJ MD-e

http://grafeq.soft32.com/goto/file/id/.../

http://www.safetagheart.com/JF QhRY cRL g249_Ta_vl B 6 5sKQQ1pCMttlW67 edH 4WWOn_iar5swwM0w9G7JW9DX_tG_qEEHhl05tlNOIlQOukfxAYuEuQj2svgmzZZRu40hVYTO5W_49OuBg7N9TZD1Rap6sMW1m9swsphe83n3jAG3DO5A5ozc0VTVLo37pq 9eNaJOoBTl2Lbo UICRMsPPJ4n5byrQgYf3WUFTG4W1o9DAMEvEAISz5KqDcdXemWNIOA75BNhA1wmfugjsatY0qHBq WC KiY3Nze q6RnT0gI8LFj6v9IVJK4ECcY3nBOVOTeLQfv32Pq QqHZAuXu56ufKoGToXv_AVqbGRYWZR5Y1xM9ueE7WmReaDmIZc5f8RzoEbVm8lzxWcxHrZJwP8SJdWi2GZoUP7F4JhQAabxAJ_a_MxlmpYdJGO8_Ea3VQc5JBWr_sHp6yhSG9895TFTGUkqLfvpVsXmMZjCN8v6vZpkhwste ZQzdfzTHCaY9kKKEmAIsPMp4Zrtw0-GyIAAARqbrFBpxXH5mF9FTdzlVgUKmlLtcJdTMys7DpZ7HHpJ MD-e

ftp://ftp.peda.com/grafeq_setup.exe

Scan grafeq_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.