home

_start.exe

_geolib

Eversim

Publisher:
Eversim  (signed and verified)

Product:
_geolib

Description:
_geolib

Version:
1, 0, 0, 1

MD5:
68cb1d637827e710067d79f71287c2a9

SHA-1:
28725076191f364a16dd8f5f7e9d2ac3205b2031

SHA-256:
243e966fd0a55024850b40c19c5fc6dfe5ead628ebc1dc3a71ded479e5dd64c2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 5:29:43 PM UTC  (today)

File size:
5.2 MB (5,493,808 bytes)

Product version:
0, 1, 2, 3

Copyright:
Copyright (C) 2014

Original file name:
_geolib.rc

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\masters of the world\_start.exe

Digital Signature
Signed by:
Eversim

Authority:
COMODO CA Limited

Valid from:
2/6/2013 1:00:00 AM

Valid to:
2/7/2015 12:59:59 AM

Subject:
CN=Eversim, O=Eversim, STREET=13 Place des Libertés Publiques, STREET=Immeuble le Mandinet II - Bat B, L=Lognes, S=Seine et Marne, PostalCode=77185, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EB979B2F13B48AE0530AEDCAA0A5B5C2

File PE Metadata
Compilation timestamp:
3/13/2014 10:15:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:fmFILELHquo0LFc+EOURUZtU1PV+UOf/MAcLqQefgiz9UfBOV4:fQLKu/LiIZU6kulfx2l

Entry address:
0x4F80B000

Entry point:
EB, 05, EC, 6B, 05, F0, 3E, 50, EB, 02, 69, 33, E8, 1B, 00, 00, 00, EB, 05, 09, 1C, FB, 01, 62, EB, 05, 17, D8, D7, 2E, CC, 33, C0, EB, 04, 60, 15, 5D, A1, 71, 5C, EB, 01, 46, EB, 03, 15, EA, FD, B8, 05, 48, 96, F6, EB, 01, AC, EB, 03, 4A, A9, 0A, 05, FB, B7, 69, 09, EB, 03, 92, F3, B0, 75, 3B, EB, 02, 18, A2, 64, FF, 30, EB, 01, 2C, 64, 89, 20, EB, 04, 12, AC, 57, 4D, EB, 01, CF, 8B, 10, EB, 02, 68, 7E, 64, 8F, 00, EB, 03, 1B, B5, E2, 83, C4, 04, EB, 02, E6, 9D, 58, EB, 05, 4B, A0, 0E, 3C, 6E, C3, EB, 05...
 
[+]

Entropy:
7.9999  (probably packed)

Code size:
10.7 MB (11,238,400 bytes)

Scan _start.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.