home

search.exe

Sowsoft LLC

Publisher:
Sowsoft LLC  (signed and verified)

MD5:
ba06da56b2f1a88e6dd523d129e2a667

SHA-1:
28a1ca4a4efd546475a85b62d6775441e8ad6105

SHA-256:
6d3d3eb25efde271424fd30abdc1ed8a9370855df9542aa21b6781e0da09222f

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/23/2024 10:05:05 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
PUA.Packed.ASPack
0.98/17411

Quick Heal
(Suspicious) - DNAScan
6.14.11.00

File size:
871.4 KB (892,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\efs\search.exe

Digital Signature
Signed by:
Sowsoft LLC

Authority:
The USERTRUST Network

Valid from:
3/27/2007 4:30:00 AM

Valid to:
3/27/2009 4:29:59 AM

Subject:
CN=Sowsoft LLC, OU=(russian company name: ООО, O=Sowsoft LLC, STREET="Prospect Mira, d. 75, str. 1", L=Moscow, S=Moscow, PostalCode=129110, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
6EB1EE0573C8BD55A954D41E07F04B65

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:GXPhtC88JlUqk5q9r9ANUTmACMQWPCVBZ/R:GKl/8hOf3iP

Entry address:
0x1000

Entry point:
68, 01, E0, 5A, 00, E8, 01, 00, 00, 00, C3, C3, 91, 0E, 7B, 48, 1F, A3, 29, D2, 9B, 99, 0D, F4, 8E, 20, 1C, 5D, 4F, E2, 0C, C2, CB, 61, 15, CE, 00, E7, 2D, FA, B6, A0, 49, 6B, B9, EA, 8C, 18, 55, BA, 18, 3E, D3, ED, 15, 8A, C1, C7, 13, BF, BA, 79, A5, 15, D7, F8, BC, 35, 06, 87, 75, 86, F0, A3, 45, 49, 9D, 36, 14, 5B, AF, BB, 32, 59, 2C, 37, 97, 8F, F9, DB, FF, 0C, 51, 18, C5, 00, 2F, F5, 54, 70, 5A, EB, 16, 4B, 25, 9F, CD, 56, 17, 55, EA, 7C, 9F, 2D, E0, 30, BF, 10, D0, B8, 55, E9, 42, C4, 21, 03, DD, 8F...
 
[+]

Entropy:
7.6524

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1 MB (1,096,704 bytes)

Scan search.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.