home

q331320_wxp_sp2_x86_enu.exe

Self-Extracting Cabinet

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Self-Extracting Cabinet

Version:
5.3.0010.0 (xpclnt_qfe.020226-1835)

MD5:
54449857164f6a5e00b261f233627eee

SHA-1:
5ba840bdc3988540eb73aa4599e3aabb743d4201

SHA-256:
dc9fbb637ae51cc0a09be1e69308ddd6f8951e35d8a94e3314ad0aa0491397aa

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/24/2024 9:07:28 PM UTC  (today)

File size:
547.9 KB (561,000 bytes)

Product version:
5.3.0010.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SFXCAB.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\q331320_wxp_sp2_x86_enu.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
5/29/2002 8:32:40 PM

Valid to:
7/29/2003 8:42:40 PM

Subject:
CN=Microsoft Windows XP Publisher, OU=Copyright (c) 2002 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
610E3B71000000000027

File PE Metadata
Compilation timestamp:
11/13/2002 8:14:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
12288:+qHVT+plgTPf/rnZd2UM24ofu3Qg/5BhSe7SEkeKY:JyplgTPf18UMRom3BhLJGEhKY

Entry address:
0x4199

Entry point:
E9, 52, F2, FF, FF, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 13, 8A, 0A, 42, 38, D9, 74, D1, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, ED, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00, 01, 01, 81, 75, 1C, 25, 00, 01, 01, 81, 74, D3, 25, 00, 01, 01, 01, 75...
 
[+]

Entropy:
7.3936

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
111 KB (113,664 bytes)

The file q331320_wxp_sp2_x86_enu.exe has been seen being distributed by the following URL.

http://download.microsoft.com/download/c/0/8/.../Q331320_WXP_SP2_x86_ENU.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.