» Sav.exe
Overview
Analysis
File Details
Behaviors (1)

Sav.exe

Spectra AntiVirus

Spectra Computers India Private Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Spectra AntiVirus’.

File name:

Sav.exe

Publisher:

Spectra Computers India Private Limited (signed and verified)

Product:

Spectra AntiVirus

Version:

2,0,1,2

MD5:

9cd2053f6a4cc866f5b5fedd3492fdbe

SHA-1:

8afd1da25d41fa2760e46281a3d22ce900bb2a30

SHA-256:

102f8ee791115afa73018f61fae3fdc69ef2177ed275329d1ba7c427a515fbc3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 5:40:31 AM UTC (today)

File size:

633.4 KB (648,624 bytes)

Spectra AntiVirus

Trademarks:

Spectra AntiVirus

Original file name:

Sav.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Common path:

C:\Program Files\spectra\antivirus\sav.exe

Digital Signature

Signed by:

Spectra Computers India Private Limited

Authority:

VeriSign, Inc.

Valid from:

5/26/2012 5:30:00 AM

Valid to:

5/27/2013 5:29:59 AM

Subject:

CN=Spectra Computers India Private Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Spectra Computers India Private Limited, L=New Mumbai, S=Maharashtra, C=IN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7AF117D807D70AD54FCC8FE8B50FA8DC

File PE Metadata

Compilation timestamp:

5/19/2000 3:41:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.8

CTPH (ssdeep):

12288:v6FFxRl8ZoPL4DL2U50Gbo/+a7T1jBXI8k1U4yTrbby/mrp:IZl86L4X28a+a7ZjnkhCf6m1

Entry address:

0x3CC001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, C0, 3C, 00, 83, BD, 88, 04, 00, 00, 00, 89, 9D, 88, 04, 00, 00, 0F, 85, CB, 03, 00, 00, 8D, 85, 94, 04, 00, 00, 50, FF, 95, A9, 0F, 00, 00, 89, 85, 8C, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, A5, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74... 
[+]

Entropy:

7.9700

Packer / compiler:

ASPack v2.12

Code size:

1024 Bytes (1,024 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Spectra AntiVirus

Command:

C:\Program Files\spectra\antivirus\sav.exe

Scan Sav.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.