niet bevestigd 432561.crdownload

Installer

Enigma Software Group USA, LLC

Publisher:
Enigma Software Group USA, LLC.  (signed by Enigma Software Group USA, LLC)

Product:
Installer

Description:
Enigma Installer

Version:
1.0.287.328

MD5:
7b1bffd3306e98f44e769fae869db971

SHA-1:
693c336267b328fe7640ff544f6b798312968e3b

SHA-256:
062583b745ee3625cc6d0f65366a5f510037a5a8584c21814f8afa29b8c98e46

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/23/2024 10:06:24 PM UTC

Scan engine:
Trend Micro House Call

Detection:
Suspicious_GEN.F47V1104

Engine version:
7.2.9

File size:
2.9 MB (2,994,048 bytes)

Product version:
1.0.287.328

Copyright:
Copyright 2003-2014. Enigma Software Group USA, LLC. All rights reserved.

Original file name:
Installer.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\niet bevestigd 432561.crdownload

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
5/27/2017 1:59:59 AM

Subject:
CN="Enigma Software Group USA, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Enigma Software Group USA, LLC", L=Clearwater, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4549D6525BEC58AA524A1CE9E786B4E9

File PE Metadata
Compilation timestamp:
10/7/2014 11:32:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:FyImfNDt7rWkqsPjwIUcgXabQP+bDiBuEzliT8jDwTXnLTzvNCXrI7LN8+o3AM:FyzfnrqsPjwZfcQPWDGudfTNCXrGK+ov

Entry address:
0x12551E

Entry point:
E8, 28, 10, 01, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 33, DB, 39, 5D, 08, 75, 04, 33, C0, EB, 44, 56, 57, FF, 75, 08, E8, 0C, D2, 00, 00, 8B, F0, 46, 6A, 02, 56, E8, 32, 00, 00, 00, 8B, F8, 83, C4, 0C, 3B, FB, 74, 22, FF, 75, 08, 56, 57, E8, FC, 8C, 00, 00, 83, C4, 0C, 85, C0, 74, 0D, 53, 53, 53, 53, 53, E8, A8, EA, FF, FF, 83, C4, 14, 8B, C7, EB, 02, 33, C0, 5F, 5E, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 47, 10, 01, 00, 8B, F0, 83, C4...
 

Code size:
1.5 MB (1,619,456 bytes)

The file niet bevestigd 432561.crdownload has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Scan niet bevestigd 432561.crdownload - Powered by Reason Core Security