msvbvm50.exe

Win32 Cabinet Self-Extractor

Microsoft Corporation

This is a setup program which is used to install the application.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2600.0000 (xpclient.010817-1148)

MD5:
e037b441d3eabd82f1e1842180919aa3

SHA-1:
28bfaf09b8ac32cf5ffa81252f3e2fadcb3a8f27

SHA-256:
b5f8ea5b9d8b30822a2be2cdcb89cda99ec0149832659ad81f45360daa6e6965

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/21/2017 8:58:48 PM UTC  (today)

File size:
969.6 KB (992,864 bytes)

Product version:
6.00.2600.0000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\msvbvm50.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
5/25/2002 3:55:48 AM

Valid to:
11/25/2003 4:05:48 AM

Subject:
CN=Microsoft Corporation, OU=Copyright (c) 2002 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61071143000000000034

File PE Metadata
Compilation timestamp:
8/17/2001 11:52:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
24576:G/4MgrgtOaYe5umyhb8d+UuJfWTAmWYT4T1k:JMgrgtOxe5ufhYd+wd8W

Entry address:
0x5A5E

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 5C, 11, 00, 01, 8B, F0, 8A, 06, 3C, 22, 75, 12, 46, 8A, 06, 84, C0, 74, 04, 3C, 22, 75, F5, 80, 3E, 22, 75, 13, EB, 10, 3C, 20, 7E, 0D, 46, 80, 3E, 20, 7F, FA, EB, 05, 3C, 20, 7F, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 58, 11, 00, 01, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 54, 11, 00, 01, 50, E8, 35, FF, FF, FF, 50, FF, 15, 04, 11, 00, 01, CC, 53, 8B, 5C, 24, 08, 3A, 5C, 24, 0C, 75, 1B...
 
[+]

Entropy:
7.9682

Developed / compiled with:
Microsoft Visual C++

Code size:
34 KB (34,816 bytes)

The file msvbvm50.exe has been seen being distributed by the following 27 URLs.

about:internet

https://dw.uptodown.com/dwn/X1RSRwOUn3X8QG3a2EmBrAspsakMELjGaTYFrEvtj51OGy6ugskOX8te3GoA7Qw-CJtRWbcxAIWiBnjK5ftrIWTGBUYwHuWH0CO9k41DDh8fxU9uV3GIMWs5nC66z9HH/axLoenbmZY0vcUMH2Qk5Tlkv2eBsV-HIcZec3uNkeuXw9NjoHQYRYkwdCyAlhZDymZ3bph-CBPuOa5Q4S8uT8Wq8riVmz2e9Nu4f8qGFrZxq5sWBJB9nmVK7vRBu9BZK/BTPOlcYkQ9KQxZUdiOT1lD3PsIQgZGhnPojjCkjCvz7RrO6Z-aOgx2veMQPAzYK_Dpc2QrBvySRMSI_SwI3zChqJh1Zl5iFMN0SggjyZNRppWR0Og__ZHa4JXb89_aAv/.../

https://ublearns.buffalo.edu/bbcswebdav/.../xid-8823305_1

http://www.vakantieblaadjes.be/.../msvbvm50.exe

http://api.256file.com/.../74319_msvbvm50.exe

http://download1474.mediafire.com/xh0jiycam2hg/.../Msvbvm50.exe

http://www.rqct.com/.../msvbvm50.exe

http://dw.uptodown.com/dwn/Ra5PZHsfCcRm5pdg6JDq_pfN-sBh7uOLInkcmNGGZWexwanxMQUsU8_35u0fobNdQKIfqqDVi8jsKiymWUZzamXK9n2d4VZ-myGbC6QRJYJxJ4nh2tuKdMYaOKEwPscN/6xngeJqsPmV43H3qhX0WtUjQKYS1wXuOr5LdfY-gRTLtsye5woWsUbgSX_i2C-Go5k3vgHDoibqwhyOHOQfN3RLD28mbmksZGtCKoXv4a7lXKICSVpsr-NO6L8Mm9hNz/.../

q=http://goo.gl/auNcI1&redir_token=ENBFaWJdVh1JxJy372E1YnzV41p8MTQyOTA0MDY1OEAxNDI4OTU0MjU4

ftp://172.16.1.201/Globus/.../Msvbvm50.exe

http://177.69.143.161:81/Download/.../MSVBVM50 (apenas win7-executar como admin).EXE

q=http://goo.gl/auNcI1&redir_token=GOyIil6hLkkMRFbptpIQfJaNNRF8MTQ1MTE3NzA2M0AxNDUxMDkwNjYz

http://203.113.15.13/msupdate/vb50pro/utility/1/win98/.../Msvbvm50.exe