home

q304572_w2k_sp3_x86_en.exe

Microsoft Corporation

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Microsoft Corporation  (signed and verified)

Description:
Self-Extracting Cabinet

Version:
1.10

MD5:
14b57e8f076897c3809b9c693740b24c

SHA-1:
53772669204fdc360b00ce1d908f451dd204f1b8

SHA-256:
0a7929ef73fd2b52c139d80e2d00fdf648a574d02a0cdcdda6f3dfc66c7b5fe3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/20/2024 12:20:32 AM UTC  (today)

File size:
326.3 KB (334,088 bytes)

Copyright:
Microsoft, 1997-1999

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\q304572_w2k_sp3_x86_en.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
8/20/2001 9:52:37 PM

Valid to:
10/20/2002 10:02:37 PM

Subject:
CN=Microsoft Windows 2000 Publisher, OU=Copyright (c) 2001 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washinngton, C=US

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
6109EFF800000000001B

File PE Metadata
Compilation timestamp:
3/30/1999 8:13:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.10

CTPH (ssdeep):
6144:xOlC0bakMmDlAmtznYaqEnrVSm56gtXv7216SovwsQflWmDvrJ:makM0LtznYaqDm5pxv721WvwsdMzJ

Entry address:
0x1C00

Entry point:
81, EC, B4, 00, 00, 00, 53, 55, 56, 33, DB, 57, C7, 44, 24, 14, 63, 3A, 5C, 00, C6, 44, 24, 13, 63, 89, 5C, 24, 2C, FF, 15, 00, 10, 00, 05, FF, 15, 74, 10, 00, 05, A3, 2C, 63, 01, 05, E8, 89, F8, FF, FF, BD, 38, 63, 01, 05, 68, 04, 01, 00, 00, 55, 53, FF, 15, 70, 10, 00, 05, 8B, FD, 83, C9, FF, 33, C0, F2, AE, F7, D1, 49, 03, CD, EB, 0A, 8D, 41, FF, 80, 38, 5C, 74, 06, 8B, C8, 3B, CD, 77, F2, 51, E8, 22, FD, FF, FF, 8B, F0, 55, 89, 74, 24, 24, E8, A0, F8, FF, FF, FF, 15, 6C, 10, 00, 05, 8B, E8, 33, C9, 89...
 
[+]

Entropy:
7.9745

Packer / compiler:
Nullsoft install system v2.x

Code size:
19.5 KB (19,968 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.