» ngh150_allwin_spanishtrybuy30.exe
Overview
Analysis
File Details
Programs (1)
Downloads (14)

ngh150_allwin_spanishtrybuy30.exe

Symantec Corporation

This is a setup program which is used to install the application. This is installed with Norton Ghost. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

Publisher:

Symantec Corporation (signed and verified)

MD5:

72a1292e37efc6072d9632e1fea60d4d

SHA-1:

6ea7794ff0c65c0c3f70a102b8cd882a221a429a

SHA-256:

ede8a84feb814b67d50ddf486833e6e57faaeabaeceabb441445a26ddb836169

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 7:39:22 PM UTC (today)

File size:

119.7 MB (125,478,816 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\ngh150_allwin_spanishtrybuy30.exe

Digital Signature

Signed by:

Symantec Corporation

Authority:

VeriSign, Inc.

Valid from:

10/31/2007 1:00:00 AM

Valid to:

11/25/2010 12:59:59 AM

Subject:

CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

758F5EE8263B6694719D8434EB998608

File PE Metadata

Compilation timestamp:

1/9/2004 11:12:26 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

3145728:X+wsKk7HrtZlPy+8/xjlNBrSD6i+mPZp7no12jHPi4w9:XlsvblKZvLroPZJo1Qlw9

Entry address:

0x451E0

Entry point:

60, BE, 00, 50, 43, 00, 8D, BE, 00, C0, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

68 KB (69,632 bytes)

The file ngh150_allwin_spanishtrybuy30.exe has been discovered within the following program.

Norton Ghost by Symantec Corporation

Publisher's description - “Norton Ghost provides professional grade backup and recovery--quickly restore after system failures and recover lost or damaged files. Backup to almost any media, including CD-R/RW and DVD+/-R/RW drives, USB and FireWire devices, network drives, and more.”

www.symantec.com

8% remove it

The file ngh150_allwin_spanishtrybuy30.exe has been seen being distributed by the following 14 URLs.

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1477124857&Signature=X5bsejFwKwSIarIGs9He7i8N5zz~XaSDddgd0S3lxsF7eYb0iXepNcfOQ-g8lQOKHYPe7~Thtl-hE1S6qGj53e54qbd3CDNnqd055yU~9Hg7bY16xBfNIcJ02cBhpNwdLuocI1sDtVPTfPvbFyd9R5-BOBWDaNuTXwHwf19Rh~8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1475803751&Signature=ceLx6MIHdMJzmSrELKNGGSVQIcsK1vpkU4lrGBGONTlu7NHZpYrhXd4XTxyC5IzjqyZ-a9ZysS0inrBrGKwBEf2R-DQtK1qgeRRVYkAQ~qhpeEaUr-AmspPfarUfWmoQvVLjedtg52Ugg7t9RD3L4zJx92AAff19wRsqJGZISgw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1476594999&Signature=hZvQ-aA4CifgH9iS-pztJeiR~uZd1rBp~GQfcqIHI103fgjptLqvaqrI~xybyGqjwtGV~OM-uPmraNVqnp6NxLEkAMJzZTKrvNsstz964bGzkEFR3X0OSl3oz8YOFXnV~T2CW1cc7oYK8vZ5cRYP38proSwT~BZnQN34Z7UndUo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://dw.uptodown.com/dwn/c72qD58-gWfwT9nfQp19H8zmk_fXrHaPFYtVMeVesi_MqY25KGFon2FLqdE-ynd1LNUP4as6SiJ-1ZcSQwl5xr-s4AzFYsPxEGRfc73-W8EH56cDwYRjcgCTXfFzLTHu/F_XOIRQBSEamakEuaZ2rnhhA5_afX0g9p_pM2SFj99TVN7wjZNv0OyeJz85PrKCgGd38-7vvJK6SbO3frBK_4RGcCq1OHscOQUssmAYu6gTCuytd5Gm94km_sNrjeS3n/OgEfN0Zp1rUvhgwj0OmtrRLvGx01v-nQEA9IVDr0bOwCsluiA1itsXU9Hh4SoLGDoWek20E0xeUXiaaJYBQvBIp8YrpMABeL3FJDjBskv0CYHvhtsm6osdMvH61rfdBy/.../

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1422885597&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=U-qMSXzJ-iSXw327SRkjqsYnPdLrMwfC8ISQzu0O44SXdyVxfGVagCHm3-jgxwupIe~E~QSXXbaA74yXEBwUiXT4aZvbFIfl74kcerbVyCjge1hRtLN4hAfII2cVmEs7peztP6khegjwCGPlQknSmLIT7~RVZvz~yGKUiftCvCU_&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1464181853&Signature=ZG1xVM40lD1eu3YUoUYGDcV8fYPRfJewjLG8DAaU6JpBPQdN3tpJspxSpbKt07xjXf0aDiBQh6bfWcUwr2Ba8so1xr7c61IFFnl08VH~cziIwY2f4zskdb~07rt4ouhVKEqox1Emk-pQNzoBEI8Je~x3v1NILTf0bnZ-eYAh1oI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1436927296&Signature=CHAb5cPhkklnJokiNF47UKbNnEzd-tJuhul7l~ViL5t4stfh-3QgQYzQEvKhuY0oiRCKEUuH4abvHLgydjw-pIHFay3xECbi-xW5eo10QUpvnveaaKGKTrDOdP07DW8kkkrqtuAes5owvsCPwf1AXq5XcqeyelJv5XniVwrJWfo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://norton-ghost.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWt36jz83JSnj9jkYFVrrCvO HzEVljDbYYLpanMYloCFrJBIqqNCDMpF0r5ic2brxQLwfGr3E8aWE Kc7NB3Ba4ovwzEsi7/.../WCBruhXXgwQGw==

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1437376894&Signature=KrTbl7spADXUG6OEdMvz3WpNKK57q5BfJ~CcsmTJ4eh-IK4Zq8VulssTM7vXIKDAPlAH5PGvUdeuL-KYAlEas4utQRoYO3yOhz09zb5pGN60~ohAnkojxvhZ1-rPhEIB56zQG88qr0hKwQE8B6fshr~lNNZBorrlauNmX9LW1nw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://cdn.portalprogramas-download.com/d/.../Norton-Ghost

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1454228438&Signature=IZX9Ab2tfLl72gFjpdo8YMxHjMFsEPzxBRDGn3K0CdzqRi-jbIWGH1GtPvYnJS2nItift5MU486YiIX8abSpV3KcGl0kUZUbbAtKhUqY5TdXlt5oS3ExpZ9JCi0eixKuPcmFqWg69KbmuSVCIHA3SWBtV1N-b4fCrLrgh8j6I8s_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://gsf-cf.softonic.com//6ea/779/.../file?id_file=46034&channel=WEB&instance=softonic_es&type=PROGRAM&fdh=no&SD_used=0&Expires=1408757565&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=LAS7hnIDvhsxL9neuxvHBiQxwO05DK1y8dVJYzGHpnspEuoP204bhYBjFxiKTYngRAowtyWXEC9Y1TBBVMLLC120cmkNl~RLKP91CLLQyRhEz8rmDtBA7HJhLCoGsE0xUF4spTLVUOsKUN~sngbh7D8NNZkttMqKmtq0Xt3jkhU_&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://gsf-cf.softonic.com/6ea/779/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46034&instance=softonic_es&type=PROGRAM&Expires=1449800881&Signature=HS34k2hnO3NAEWFxhj7wGL2N1R-bALNh~PMT3Ymz2IcjC-NDSxbKdy6J883w3NMabf9HA7sim1HK3qVsQV0pBZed686mx0n5yQJ7qCSa1mGiTXcJHG3pSDMp~ZSwhkvKcSPFcWUcEJOAHVhaEi7bJ~w6Qd-rmyBrT-qa3NNCVh8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=NGH150_AllWin_SpanishTryBuy30.exe

http://dw7.uptodown.com/dl/1416597760/.../norton-ghost-15.0.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.