home

q283787_w2k_sp3_x86.exe

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Description:
Self-Extracting Cabinet

Version:
1.13

MD5:
dd8ed87563be5911df0ee82753d73876

SHA-1:
22bc28753cf0ce3703774fe5e04dd0fda981f283

SHA-256:
bb797ed9a91ddc9332f290241a3806a2a4838c76e59de127f5fc46aa35fe6dcb

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 3:12:30 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Sality
160327-1

File size:
1.2 MB (1,253,792 bytes)

Copyright:
Copyright (C) Microsoft, 1997-2000

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ojj3600_basic_14\util\ccc\rus\q283787_w2k_sp3_x86.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
6/30/2000 8:41:26 PM

Valid to:
8/30/2001 8:51:26 PM

Subject:
CN=Microsoft Windows 2000 Publisher (Europe), OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Dublin, C=IE

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
61059BE4000000000015

File PE Metadata
Compilation timestamp:
7/11/2000 1:18:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:InK0ND64EefT0H/iFQMO4I/zJKfJTp5YSIqV1YkPAYsI3:yeHefYH/iUrIJF5Yk/E1I3

Entry address:
0x124A

Entry point:
81, EC, BC, 00, 00, 00, A1, 10, 11, 00, 05, 53, 55, 56, 33, DB, 57, 89, 44, 24, 1C, C6, 44, 24, 13, 63, 89, 5C, 24, 30, 89, 5C, 24, 34, FF, 15, 00, 10, 00, 05, FF, 15, 38, 10, 00, 05, A3, 20, 63, 01, 05, E8, AF, 11, 00, 00, BE, 2C, 63, 01, 05, 68, 04, 01, 00, 00, 56, 53, FF, 15, 34, 10, 00, 05, 8B, FE, 83, C9, FF, 33, C0, F2, AE, F7, D1, 49, 03, CE, 3B, CE, 76, 0D, 80, 79, FF, 5C, 8D, 41, FF, 74, 04, 8B, C8, EB, EF, 51, E8, 34, 0C, 00, 00, 56, 89, 44, 24, 1C, E8, CC, 11, 00, 00, FF, 15, 30, 10, 00, 05, 8B...
 
[+]

Entropy:
1.3021

Code size:
18.5 KB (18,944 bytes)

Scan q283787_w2k_sp3_x86.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.