home

itriboxinstaller.exe

7-Zip

Industrial Technology Research Institute

This is a setup and installation application. The file has been seen being downloaded from itribox.itri.org.tw.
Publisher:
Igor Pavlov  (signed by Industrial Technology Research Institute)

Product:
7-Zip

Description:
7z Setup SFX

Version:
9.22 beta

MD5:
842787a145a2f979e4047802ffa04078

SHA-1:
ffeaebf6408f22aedcb2e71f6300c932b6a83c79

SHA-256:
c2d365c211888bbf35022d0f5f0f7d419543a8baed246c8f2fae49a0d312cd8b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/6/2024 10:32:09 AM UTC  (today)

File size:
71.8 MB (75,263,392 bytes)

Product version:
9.22 beta

Copyright:
Copyright (c) 1999-2011 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\itriboxinstaller.exe

Digital Signature
Signed by:
Industrial Technology Research Institute

Authority:
GlobalSign nv-sa

Valid from:
1/27/2016 1:07:38 PM

Valid to:
1/27/2017 1:07:38 PM

Subject:
CN=Industrial Technology Research Institute, O=Industrial Technology Research Institute, L=Hsinchu, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211FA5268D1B10857029787E8F7370FB0F

File PE Metadata
Compilation timestamp:
8/25/2014 5:20:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1572864:bejnpeenvPY2cnzDORLYuhSQ/1bPA3lcMP44UjzPc:bepZnv0neRxZN7A3uw4DnE

Entry address:
0x14D07

Entry point:
E8, B2, 2D, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 
[+]

Entropy:
8.0000  (probably packed)

Code size:
104 KB (106,496 bytes)

The file itriboxinstaller.exe has been seen being distributed by the following URL.

https://itribox.itri.org.tw/safebox/.../ITRIBoxInstaller.exe

Scan itriboxinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.