home

penprotect.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.penprotect.com.
MD5:
4ece50db032a02f07c4ad35b70b0ad5b

SHA-1:
e3e588436cfa478aa322a0f523f00ad161ee5643

SHA-256:
9e74fb48c14baa6b2fa6a8752eeeaec84072bd53d14ad9b2b955d1dfc373727d

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/4/2024 6:51:37 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.CDB
1.3.0.4923

File size:
1.9 MB (1,947,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lottry\nouveau dossier\programs\penprotect.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:lVHN1zxDimz4DMiQZ71lyeGFYLsnQuUg/bjNp5mKqnFwNFsVXerw09BES0SEebQe:PN7z4YiQfUeGFhbjNphEFmFus9BVbbN

Entry address:
0x5FB834

Entry point:
E8, 3B, FF, FF, FF, 05, 00, 12, 00, 00, FF, E0, E8, 2F, FF, FF, FF, 05, CF, 6C, 00, 00, FF, E0, E8, 04, 00, 00, 00, FF, FF, FF, FF, 5E, C3, 00, 64, F6, 1E, 1A, 42, 01, 08, C1, 85, B2, D6, C5, C9, B2, 98, BD, 0B, 43, 19, D2, 7F, D6, 73, 3D, 6C, E6, 9F, C3, B5, C2, A4, D8, 5B, 0D, 24, C4, B5, 57, 15, 85, B6, 09, D4, DE, E0, E8, 70, F3, 59, 24, 20, 71, 68, EB, 68, AE, 48, 6C, 69, B7, 45, 20, 8E, DD, 26, 2C, 8A, 5D, B4, F0, 7F, 1C, 01, 53, 6D, CE, 54, CE, ED, 88, B3, 44, 18, 7F, 07, 06, 43, 28, 82, 0C, 93, 2D...
 
[+]

Code size:
1.3 MB (1,358,848 bytes)

The file penprotect.exe has been seen being distributed by the following URL.

http://www.penprotect.com/demo/.../PenProtect.exe

Scan penprotect.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.