home

topbankingsetup.exe

Banking 4W

Subsembly GmbH

This is a self-extracting archive and installer. The file has been seen being downloaded from subsembly.com.
Publisher:
Subsembly GmbH  (signed and verified)

Product:
Banking 4W

Description:
Banking 4W Setup

Version:
6.2.0.0

MD5:
0b3785f1726b56a5a3f062e9e83f164e

SHA-1:
0db74d3240a8491843179d2f74aa8db1083f76ba

SHA-256:
f1d6a0295ecf5343fa956e3359c9e7287fbad4ea3ad8ba00c6062c3b1bde8aec

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/23/2024 2:04:09 PM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16119

File size:
2.3 MB (2,383,144 bytes)

Product version:
6.2.0.0

Copyright:
Copyright © 2004-2016 Subsembly GmbH

Trademarks:
Subsembly® ist eine eingetragene Marke von Andreas Selle

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\appdata\local\temp\topbankingsetup.exe

Digital Signature
Signed by:
Subsembly GmbH

Authority:
GlobalSign nv-sa

Valid from:
1/16/2015 5:51:32 PM

Valid to:
4/16/2018 9:35:08 AM

Subject:
E=info@subsembly.com, CN=Subsembly GmbH, O=Subsembly GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112146F040DA57586F4A6FE5F856E0D3543B

File PE Metadata
Compilation timestamp:
1/20/2016 5:08:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:tOl8MBXau7T4vsQ9wL3UGWQ6yJ6nLLXpZGLxTVEaA9r2E:tOsUffWIJSLXWxTOlrj

Entry address:
0x3301

Entry point:
E8, 70, 02, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, 88, 07, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, D8, 7B, 41, 00, 8B, 50, 04, EB, 04, 3B, D0, 74, 10, 33, C0, 8B, CA, F0, 0F, B1, 0E, 85, C0, 75, F0, 32, C0, 5E, C3, B0...
 
[+]

Code size:
57.5 KB (58,880 bytes)

The file topbankingsetup.exe has been seen being distributed by the following URL.

https://subsembly.com/.../TopBankingSetup.exe

Scan topbankingsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.