q283787_w2k_sp3_x86.exe

Microsoft Corporation

This is a setup program which is used to install the application.
Publisher:
Microsoft Corporation  (signed and verified)

Description:
Self-Extracting Cabinet

Version:
1.13

MD5:
9189dc20290a384915683dc773cce1f7

SHA-1:
d0754fec661a7ea868689432c2bc525ae03e4028

SHA-256:
b7bfda1d01fe5b0a6c652fd901402c86f0ebfccdd10551204fdd9e633caaba18

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/16/2024 8:11:10 PM UTC

File size:
139.9 KB (143,264 bytes)

Copyright:
Copyright (C) Microsoft, 1997-2000

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ojprol7x00_full_14\util\ccc\ell\q283787_w2k_sp3_x86.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/30/2000 4:41:26 PM

Valid to:
8/30/2001 4:51:26 PM

Subject:
CN=Microsoft Windows 2000 Publisher (Europe), OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Dublin, C=IE

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
61059BE4000000000015

File PE Metadata
Compilation timestamp:
7/11/2000 1:18:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:xnK0ND64ounPOXVtJr4L46deT3Mxm0igC0gBU76:PeWP0V0E4UMvdC7u76

Entry address:
0x124A

Entry point:
81, EC, BC, 00, 00, 00, A1, 10, 11, 00, 05, 53, 55, 56, 33, DB, 57, 89, 44, 24, 1C, C6, 44, 24, 13, 63, 89, 5C, 24, 30, 89, 5C, 24, 34, FF, 15, 00, 10, 00, 05, FF, 15, 38, 10, 00, 05, A3, 20, 63, 01, 05, E8, AF, 11, 00, 00, BE, 2C, 63, 01, 05, 68, 04, 01, 00, 00, 56, 53, FF, 15, 34, 10, 00, 05, 8B, FE, 83, C9, FF, 33, C0, F2, AE, F7, D1, 49, 03, CE, 3B, CE, 76, 0D, 80, 79, FF, 5C, 8D, 41, FF, 74, 04, 8B, C8, EB, EF, 51, E8, 34, 0C, 00, 00, 56, 89, 44, 24, 1C, E8, CC, 11, 00, 00, FF, 15, 30, 10, 00, 05, 8B...
 

Entropy:
7.8847  (probably packed)

Code size:
18.5 KB (18,944 bytes)

The file q283787_w2k_sp3_x86.exe has been seen being distributed from the following URL.

ftp://ftp.asei.co.id/inbound/Driver Printer ASEI/Printer/Brother 5910DW Win All/sp/.../Q283787_w2k_sp3_x86_EL.EXE