home

s-udgp1_-100wf-allin.exe

NIKON CORPORATION

This is a setup program which is used to install the application. The file has been seen being downloaded from crossgate.nikonimglib.com.
Publisher:
NIKON CORPORATION  (signed and verified)

MD5:
5fbe8d4071a3c49605a692aea1b7e3fc

SHA-1:
af8c9abae0d66258184673125e2d804dad9777ae

SHA-256:
0d228ac5ec6da624725e96de8a7eb84ea41d54f24b015b45429b33ba944d2ec7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 12:53:00 PM UTC  (today)

File size:
10.3 MB (10,797,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\s-udgp1_-100wf-allin.exe

Digital Signature
Signed by:
NIKON CORPORATION

Authority:
VeriSign, Inc.

Valid from:
4/19/2009 5:00:00 PM

Valid to:
4/20/2010 4:59:59 PM

Subject:
CN=NIKON CORPORATION, OU=IMAGING COMPANY, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NIKON CORPORATION, L=Chiyoda-ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D8B0EF8306E00F302099174ED93E9F6

File PE Metadata
Compilation timestamp:
10/7/2005 2:05:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
196608:hcN8oHWD2qJ5U+uvpzSAs1vGsDiq2FFzBHzRQJt+ljEB9r2QG1ovKm5:iN8oH+JC+opz1uvGF7tQD+lo/C1od

Entry address:
0x1000

Entry point:
E8, 9B, 27, 00, 00, 50, E8, A7, 22, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E5, 40, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, 26, 43, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, F8, 24, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, D4, 50, 41, 00, 6A, 65, 56, E8, 3E, 24, 01, 00, 6A, 01, 56, E8, 18, 24, 01, 00...
 
[+]

Entropy:
7.9992  (probably packed)

Code size:
76 KB (77,824 bytes)

The file s-udgp1_-100wf-allin.exe has been seen being distributed by the following URL.

http://crossgate.nikonimglib.com/.../redirect.do?P=nMiVS73&R=0gcpP11&L=JM03r00&O=nz5Zc00

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.