home

papers_3044.exe

Papers 3

Mekentosj BV

This is a setup program which is used to install the application. The file has been seen being downloaded from papersapp.com.
Publisher:
Mekentosj  (signed by Mekentosj BV)

Product:
Papers 3

Description:
Papers 3 for Windows

Version:
3.0.44

MD5:
cd33df3f18470ab9b555963ba9e5b99e

SHA-1:
4c9893723080dbb670cb5f9295bb44a6cf7cab2d

SHA-256:
578b96f738b8711a5bc32c5c34427829cdba41b88b4e6ddad5cb1334ae9b6a57

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 4:45:04 PM UTC  (today)

File size:
81.4 MB (85,360,064 bytes)

Product version:
3.0.44

Copyright:
Copyright (C) 2015 Mekentosj

Original file name:
Papers3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\papers_3044.exe

Digital Signature
Signed by:
Mekentosj BV

Authority:
DigiCert Inc

Valid from:
2/15/2015 7:00:00 PM

Valid to:
2/28/2017 7:00:00 AM

Subject:
CN=Mekentosj BV, O=Mekentosj BV, L=Dordrecht, C=NL

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E2061EB0F7183C26CD08DEECE5060FB

File PE Metadata
Compilation timestamp:
11/17/2014 10:09:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:W747Ktkb5CuG5ml8Yp+5yZEG7PwsvzyWgf8h1FKSqB4XYOYzddUWPsRXC9fZVs:ktkFCuGOhjEG7Pf2WB1G+Y3z1st+hVs

Entry address:
0xC8DAC

Entry point:
E8, 46, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5D, 4D, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C5, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 39, 4D, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A1, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0A, 4D, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 
[+]

Entropy:
7.9783  (probably packed)

Code size:
1023.5 KB (1,048,064 bytes)

The file papers_3044.exe has been seen being distributed by the following URL.

http://papersapp.com/download

Scan papers_3044.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.