» ie8-windowsxp-x86-heb.exe
Overview
Analysis
File Details
Programs (1)
Downloads (5)

ie8-windowsxp-x86-heb.exe

Self-Extracting Cabinet

Microsoft Corporation

This is a setup program which is used to install the application. This is installed with Windows Internet Explorer 8. The file has been seen being downloaded from www.gmx.co.il and multiple other hosts.

File name:

ie8-windowsxp-x86-heb.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Self-Extracting Cabinet

Version:

6.3.0015.0 built by: dnsrv

MD5:

871d8795b795376494e7c296531637af

SHA-1:

d77686657faa8d65d9efb7b41d15589440e4bf03

SHA-256:

c945eeed5f800f3fea2e2ca6be3fceecb2ea40461247d2c788e5847dfa4c56fd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/26/2024 3:45:52 PM UTC (today)

File size:

16.2 MB (16,955,232 bytes)

Product version:

6.3.0015.0

Original file name:

SFXCAB.EXE

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\ie8-windowsxp-x86-heb.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

10/23/2008 12:24:55 AM

Valid to:

1/22/2010 11:34:55 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

61062781000000000008

File PE Metadata

Compilation timestamp:

12/21/2007 9:26:24 AM

OS version:

5.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

393216:wRlPGqi0cjVNhOgUFD7aXU8kG/sSIxLGrTubvVhzGT5P:wRTi0cj/kgU9OmG/stLuTubfz+5P

Entry address:

0x63FF

Entry point:

6A, 28, 68, E0, 25, 00, 01, E8, AD, 01, 00, 00, 66, 81, 3D, 00, 00, 00, 01, 4D, 5A, 75, 28, A1, 3C, 00, 00, 01, 81, B8, 00, 00, 00, 01, 50, 45, 00, 00, 75, 17, 0F, B7, 88, 18, 00, 00, 01, 81, F9, 0B, 01, 00, 00, 74, 21, 81, F9, 0B, 02, 00, 00, 74, 06, 83, 65, E4, 00, EB, 2A, 83, B8, 84, 00, 00, 01, 0E, 76, F1, 33, C9, 39, 88, F8, 00, 00, 01, EB, 11, 83, B8, 74, 00, 00, 01, 0E, 76, DE, 33, C9, 39, 88, E8, 00, 00, 01, 0F, 95, C1, 89, 4D, E4, 83, 65, FC, 00, 6A, 01, FF, 15, CC, 21, 00, 01, 59, 83, 0D, EC, D3... 
[+]

Entropy:

7.9995

Developed / compiled with:

Microsoft Visual C++ v7.1

Code size:

33.5 KB (34,304 bytes)

The file ie8-windowsxp-x86-heb.exe has been discovered within the following program.

Windows Internet Explorer 8 by Microsoft Corporation

Windows IE8 (Internet Explorer 8) is a web browser from Microsoft. IE8 contains many new features, including WebSlices and Accelerators (Accelerators are a form of selection-based search which allow a user to invoke an online service from any other page using only the mouse).

www.microsoft.com/ie

5% remove it

The file ie8-windowsxp-x86-heb.exe has been seen being distributed by the following 5 URLs.

http://www.gmx.co.il/.../getfile.php?id=107

http://affilinks.affilizr.com/action/?pcode=utf-8&r=1456483027248.2&go=1&redir=http://action.metaffiliation.com/trk.php?mclic=P4324955D624171&argsite=37346764&redir=http://download.microsoft.com/download/B/B/F/.../IE8-WindowsXP-x86-HEB.exe

http://blogs.microsoft.co.il/ie8/.../IE8-WindowsXP-x86-HEB.exe

http://www.vins.co.il/.../internet-explorer-8

http://download.microsoft.com/download/B/B/F/.../IE8-WindowsXP-x86-HEB.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.