-programy-ewido-setup_4.0.0.172c_[www.programosy.pl].exe

GRISOFT LTD

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

Publisher:
GRISOFT LTD (signed and verified)

MD5:
653084ef359cba0f9c8e5a8576a43a2b

SHA-1:
a2ded1a2333450548548bfc8434092008c533bd0

SHA-256:
bb71f2bebc106435eb202a1aa75486cb1d51ddf31af930ea3c797f61a22bb941

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/19/2024 12:49:35 AM UTC

Scan engine:
Emsisoft Anti-Malware

Detection:
Trojan.GenericKDZ.24293

Engine version:
8.14.05.09.10

File size:
5.7 MB (6,020,448 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\-programy-ewido-setup_4.0.0.172c_[www.programosy.pl].exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/7/2006 2:00:00 AM

Valid to:
7/7/2008 1:59:59 AM

Subject:
CN=GRISOFT LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GRISOFT LTD, L=NICOSIA, S=CYPRUS, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67BF2128CC4054D80BAC9E9D79B55372

File PE Metadata
Compilation timestamp:
3/4/2006 6:05:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:zctcldCNTCGyZGvoT4Jg4MmP0W0J1mLe2UPMrTViJTVgsCBHiJD86MzpVWgoVlG8:zPlkTXyoQT4PAM6ST0JuBH65SpkXVMtG

Entry address:
0x32E0

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 68, 91, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, 10, 44, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 20, FD, 41, 00, FF, 15, 58, 71, 40, 00, 68, 8C, 92, 40, 00, 68, 60, 3B, 42, 00, E8, 2C, 28, 00, 00, BB, 00, B4, 42, 00, 53, 68, 00, 04, 00, 00, FF, 15, B8, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B4, 70, 40, 00, 68, 84, 92, 40, 00, 53, E8, 17...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file -programy-ewido-setup_4.0.0.172c_[www.programosy.pl].exe has been seen being distributed by the following 8 URLs.
