q283787_w2k_sp3_x86_pt.exe

Microsoft Corporation

This is a setup program which is used to install the application.

Publisher:
Microsoft Corporation  (signed and verified)

Description:
Self-Extracting Cabinet

Version:
1.13

MD5:
4c537a219bc536ad4c4ac63ca7d5b0c0

SHA-1:
1c5a8421598d4e7f510d19993f63e1625c738fac

SHA-256:
4f3d23c81521af2d3d498b0fb79380d22a91037840bef4e4ad8cbd663fbb9d2e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/24/2024 10:20:46 AM UTC

File size:
137.4 KB (140,704 bytes)

Copyright:
Copyright (C) Microsoft, 1997-2000

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\qfepatch\qfe\q283787_w2k_sp3_x86_pt.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
7/1/2000 6:11:26 AM

Valid to:
8/31/2001 6:21:26 AM

Subject:
CN=Microsoft Windows 2000 Publisher (Europe), OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Dublin, C=IE

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
61059BE4000000000015

File PE Metadata
Compilation timestamp:
7/11/2000 2:48:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:UnK0ND640ZBAAwadH4BJbU800PqI6Vj1AUSd259eqb9:We5tdHMoDJI6lQ25Lb9

Entry address:
0x124A

Entry point:
81, EC, BC, 00, 00, 00, A1, 10, 11, 00, 05, 53, 55, 56, 33, DB, 57, 89, 44, 24, 1C, C6, 44, 24, 13, 63, 89, 5C, 24, 30, 89, 5C, 24, 34, FF, 15, 00, 10, 00, 05, FF, 15, 38, 10, 00, 05, A3, 20, 63, 01, 05, E8, AF, 11, 00, 00, BE, 2C, 63, 01, 05, 68, 04, 01, 00, 00, 56, 53, FF, 15, 34, 10, 00, 05, 8B, FE, 83, C9, FF, 33, C0, F2, AE, F7, D1, 49, 03, CE, 3B, CE, 76, 0D, 80, 79, FF, 5C, 8D, 41, FF, 74, 04, 8B, C8, EB, EF, 51, E8, 34, 0C, 00, 00, 56, 89, 44, 24, 1C, E8, CC, 11, 00, 00, FF, 15, 30, 10, 00, 05, 8B...
 

Entropy:
7.8754  (probably packed)

Code size:
18.5 KB (18,944 bytes)

The file q283787_w2k_sp3_x86_pt.exe has been seen being distributed by the following URL.

ftp://ftp.asei.co.id/inbound/Driver Printer ASEI/Printer/Brother 5910DW Win All/sp/.../Q283787_w2k_sp3_x86_PT.EXE