home

lan_realtek_v7.014_w7-32.exe

The executable lan_realtek_v7.014_w7-32.exe has been detected as malware by 4 anti-virus scanners. The program is a setup application that uses the WinZip SFX installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.fujitsu.com.
MD5:
a2842efa03c2c76f4f6af560ae37a250

SHA-1:
f067dc06ef8b6d338b6f474f04f709acab956434

SHA-256:
e52deb1d794f7216faf1a4d37ae290df4ec021f0c3ad4c7eb1c25ee1548c0c08

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/7/2024 7:27:43 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

File size:
431.5 KB (441,856 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\lan_realtek_v7.014_w7-32.exe

File PE Metadata
Compilation timestamp:
1/9/2001 6:08:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
6144:2zPryu2ATryyCD7ilS6osDExS57vthCP3R3/hN2D5Yb8bgEKrMvbPhiSnzztWKoP:2z/2lyqn61DvFhCP3RpNA+XgtiSJAF

Entry address:
0x39D8

Entry point:
FE, CE, 0D, 89, 51, 71, CB, 34, 09, F3, 8B, F1, 43, FF, CE, 69, D5, 4E, 97, B9, 90, FF, CF, 89, ED, 88, FA, 8A, E7, 21, F0, 42, 47, E8, 00, 00, 00, 00, 58, 8A, EC, 88, CA, 32, C8, 81, EF, CE, 4E, 6C, 24, 8D, 15, 63, D6, 7C, 73, 69, DE, 86, B7, DF, 08, F2, 68, DC, 5D, 79, 00, 69, ED, 36, B5, 74, 7C, 85, EE, 74, 08, 0F, B7, DB, 0F, AF, FF, 11, D5, 85, DF, 76, 0C, F7, C5, 49, B2, 8F, CD, 69, D9, 82, 2F, CA, 88, 72, 07, F2, 80, DA, C2, F6, C6, C3, 0B, CA, 74, 09, 12, D9, F3, F7, C6, 21, D6, C4, CE, 05, B9, 78...
 
[+]

Entropy:
7.9706  (probably packed)

Code size:
18.5 KB (18,944 bytes)

The file lan_realtek_v7.014_w7-32.exe has been seen being distributed by the following URL.

http://www.fujitsu.com/downloads/COMP/fpcap/drivers/Driver/LAN/Realtek/.../LAN_Realtek_v7.014_W7-32.exe

Remove lan_realtek_v7.014_w7-32.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.