repartitionbaddrive.exe

Abstradrome

This is a setup program which is used to install the application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

Publisher:
Abstradrome (signed and verified)

Version:
1.0.0.0

MD5:
a4f480fc47419268c2690df0b836a70b

SHA-1:
a3cd6290f01ccb6fc574ef0b3be296e7fcda9df3

SHA-256:
41507d8f31cad2f6e1c2c4d27561fba74e09d3328e4c088ca5690c00113f6cd1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 12:54:22 PM UTC

File size:
1.4 MB (1,517,440 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\repartitionbaddrive.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/10/2008 1:00:00 AM

Valid to:
12/11/2009 12:59:59 AM

Subject:
CN=Abstradrome, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Abstradrome, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11103213D9E2D4A1D1ABC29271329D4D

File PE Metadata
Compilation timestamp:
1/4/2009 10:54:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
24576:yFYNL3pSNStkVETrajsKqhl39YOQ74AoKcLX4C5+NdRZPJlkqMtUe9t/yBJzx3uZ:yFa3p+ETG5q83oXL7epYqML/y/zxe6PM

Entry address:
0x16C41B

Entry point:
E8, F5, 80, 00, 00, E9, 16, FE, FF, FF, 6A, 0C, 68, 58, 4E, 5A, 00, E8, 83, 37, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, C8, 86, 5A, 00, 77, 22, 6A, 04, E8, 15, 3B, 00, 00, 59, 83, 65, FC, 00, 56, E8, 77, 5E, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 8F, 37, 00, 00, C3, 6A, 04, E8, 12, 3A, 00, 00, 59, C3, 55, 8B, 6C, 24, 08, 83, FD, E0, 0F, 87, 9F, 00, 00, 00, 53, 8B, 1D, E8, 81, 59, 00, 56, 57, 33, F6, 39, 35, D4, 72, 5A, 00, 8B, FD, 75, 18, E8, 11, 39, 00...
 

Code size:
408 KB (417,792 bytes)

The file repartitionbaddrive.exe has been seen being distributed by the following 6 URLs.

https://dw.uptodown.com/dwn/tpmgufLwooVG9a-Z5D47QMMBxxpeelGml5B8EoiHDjVxxXm91QDqvOLCMUjCNq7tMjt8migOTTfBZT7LqeeScasNe669GguF6C0YCLgIGYTxq3GXcbI3_PTBmJjqsQDa/58clb3BjUqmCOO4PWD7gKpRVUK30lWv6ys7TZBbGHipDygJYikPu7P3b12DcsNDUPGmuZ1fogwSjhlbbwqD1b2xRy6i-ShK3xmIC1CDHVNBD6RWHm2MS1obQ9HMn1Ulo/ev6XcvV5bERJYRiPrsUR_SbzxHBWs1uIxYFgQWPMcQZ_P-dfepPTpof2VtVR2E0Uil3W7BsjwhibQfNa7VHWSKK4yD9lllfWGpCOF9oNU20f9ian9IkPGQd0S00QZwRq/.../
