setup_iepassworddump.exe

IEPasswordDump

SX Network

The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from securityxploded.net.

Publisher:
SX Network

Product:
IEPasswordDump

Description:
Command-line based Internet Explorer Password Recovery Tool

Version:
3.0

MD5:
7eed72bcb79968b42cb53b396bee760d

SHA-1:
4193adf69ef26c4b2520f6d6f2f2caaf8b89ef57

SHA-256:
8af2b6a27572b6e7e0e861d4ec772a384451113d9d07fef1e6d55fd96b3854d1

Scanner detections:
8 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/24/2024 7:53:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | AdInstaller.SecXplod | 2016.0.3002 |
| G Data | Win32.Riskware.PassDumper | 15.8.25 |
| McAfee | Artemis!7EED72BCB799 | 5600.6658 |
| NANO AntiVirus | Trojan.Nsis.Siggen6.dtckiq | 0.30.24.3079 |
| Quick Heal | Hacktool.Secxpld.PS4 | 8.15.14.00 |
| Sophos | Security Xploded (PUA) | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43050 |

File size:
821.5 KB (841,262 bytes)

Product version:
3.0

Copyright:
Copyright © 2007-2015, All rights reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\etmrhqpb\setup_iepassworddump.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:B7FqvoXD5y9wW5zmCAgZXZA5eU7HVT4YE:B2oXVy6W4kZJA5eU7HVg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.5850

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup_iepassworddump.exe has been seen being distributed by the following URL.
