kb2932677.exe

Self-Extracting Cabinet

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from localhost and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Self-Extracting Cabinet

Version:
5.1.30214.0

MD5:
e9b9148f1590cfc520712a7b7205bf22

SHA-1:
5ae9c457e2efac6c943f23045b2f0eeea484d7f9

SHA-256:
d035e3b28f8313b78197aae892762f37ed87dbd145f8816c59f4aead453700fe

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/19/2024 10:39:39 AM UTC  (today)

File size:
12.5 MB (13,084,896 bytes)

Product version:
5.5.0031.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SFXCAB.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\iobit\advanced systemcare 7\securityhole_backup\kb2932677.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/24/2013 2:33:39 PM

Valid to:
4/24/2014 3:33:39 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
6/24/2004 5:14:00 PM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
393216:ezad1nXwmwPvOQ84LBnDYmmLnR8v58dEGV6Drfj:5lwK+nXdxFGUfj

Entry address:
0x5892

Entry point:
E9, 68, FA, FF, FF, 8B, 44, 24, 04, EB, 17, 80, F9, 3B, 75, 0C, 84, C9, 74, 14, 40, 8A, 08, 80, F9, 0A, 75, F4, 80, 38, 20, 7F, 09, 40, 8A, 08, 84, C9, 75, E3, 33, C0, C2, 04, 00, 8B, 4C, 24, 04, EB, 05, 84, C0, 74, 11, 41, 8A, 01, 3C, 0A, 75, F5, 41, 51, E8, C0, FF, FF, FF, C2, 04, 00, 33, C0, EB, F9, 53, 8B, 5C, 24, 0C, 56, 8B, 74, 24, 0C, 57, C6, 03, 00, EB, 0C, 56, E8, CB, FF, FF, FF, 8B, F0, 85, F6, 74, 2D, 80, 3E, 5B, 75, EF, 8D, 46, 01, EB, 0A, 84, C9, 74, 1F, 80, F9, 20, 7E, 0A, 40, 8A, 08, 80, F9...
 

Entropy:
7.9999

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
30 KB (30,720 bytes)

The file kb2932677.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is, in some cases, presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 

The file kb2932677.exe has been seen being distributed by the following 50 URLs.

http://localhost/Mercury/.../Silverlight.exe

http://d6.jdcdn.net/fas/.../Silverlight_x64.exe

https://www.microsoft.com/getsilverlight/.../getsilverlight.ashx?wa=wsignin1.0

http://200.117.237.14/msupdate/B/A/9/BA94BEC9-5DBC-4B50-BC2B-046A42399067/.../Silverlight_x64.exe

Latest 30 of 63 download URLs