home

_start.exe

_geolib

Eversim

Publisher:
Eversim  (signed and verified)

Product:
_geolib

Description:
_geolib

Version:
1, 0, 0, 1

MD5:
eae53721aec5cfe1d0ba3bdcf2069e2a

SHA-1:
8ee56a98f2f82b7806ff134a84ce55784f1490f3

SHA-256:
2c2ff844d546cba3e48345dcfd3d7f883d4b4c09d92834f6b52e90f4c7c3cc59

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 10:30:11 PM UTC  (today)

File size:
2 MB (2,086,192 bytes)

Product version:
1, 25, 0, 0

Copyright:
Copyright (C) 2014

Original file name:
_geolib.rc

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\world of leaders\_start.exe

Digital Signature
Signed by:
Eversim

Authority:
COMODO CA Limited

Valid from:
2/5/2013 7:00:00 PM

Valid to:
2/6/2015 6:59:59 PM

Subject:
CN=Eversim, O=Eversim, STREET=13 Place des Libertés Publiques, STREET=Immeuble le Mandinet II - Bat B, L=Lognes, S=Seine et Marne, PostalCode=77185, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EB979B2F13B48AE0530AEDCAA0A5B5C2

File PE Metadata
Compilation timestamp:
1/14/2015 6:49:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:rZvSJ8S357dMB2j5xrwkuyOIDGfVYTvZaJyRSR4+Mc:IJ8S7MMtpCyOhfVAvZaJywahc

Entry address:
0xCC1D000

Entry point:
EB, 05, AF, BC, FA, F7, 21, 50, EB, 02, 61, FB, E8, 1B, 00, 00, 00, EB, 05, C4, B2, 53, C7, D9, EB, 05, 9C, EE, D3, E0, 07, 33, C0, EB, 04, 2D, 84, A8, 07, 71, 5C, EB, 01, 29, EB, 03, 3A, 7F, 71, B8, 05, 48, 9C, F6, EB, 01, E4, EB, 03, 5D, 9E, F8, 05, FB, B7, 63, 09, EB, 03, 92, 61, DA, 75, 3B, EB, 02, D1, 50, 64, FF, 30, EB, 01, 94, 64, 89, 20, EB, 04, 59, 79, 6A, 2A, EB, 01, 40, 8B, 10, EB, 02, E5, 93, 64, 8F, 00, EB, 03, 20, B7, CB, 83, C4, 04, EB, 02, F5, 83, 58, EB, 05, F3, 5E, 5B, 66, 52, C3, EB, 05...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
3.6 MB (3,752,960 bytes)

Scan _start.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.