home

mstar.exe

nurien

Nurien Software Co., Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from dc104.2shared.com.
Publisher:
Nurien Software Co., Ltd

Product:
nurien

Description:
Start nurien

Version:
1.0.0.1

MD5:
115373cc457b598254a4442c186b07ac

SHA-1:
cafc4a402b9fe4c3b79cc61c9f5e7a366657ef43

SHA-256:
ebf08e62bc8d80d36679a20656c69b5e69b788193377fa32c4b818e15a725d46

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 1:56:09 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
420 KB (430,080 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (c) Nurien Software Co., All rights reserved.

Original file name:
Startup.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\mstar.exe

File PE Metadata
Compilation timestamp:
11/7/2011 9:50:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:zcYYHWgZl45rWtphcXdif2yiigLm0WwrTdXN6f:zO456tphgoR2dWYdo

Entry address:
0x22152

Entry point:
E8, 00, AE, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, BC, 21, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, D6, 39, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D, 00, 00, 00, 00...
 
[+]

Code size:
220 KB (225,280 bytes)

The file mstar.exe has been discovered within the following program.

Ini3Mstar  by Ini3
www.Ini3.com
About 7% of users remove it
 
Powered by Should I Remove It?

The file mstar.exe has been seen being distributed by the following URL.

http://dc104.2shared.com/download/.../Mstar.exe

Scan mstar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.