home

utherversesetup.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.redlightcenter.com.
MD5:
b936d4e979b59f23a111569f42ea1bb4

SHA-1:
783eba04c4a34d133426c0c955ece2b0794e0c9e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 4:16:41 PM UTC  (today)

File size:
16.1 MB (16,884,336 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\Documents and Settings\{user}\My documents\downloads\utherversesetup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:7+0Hn+DSv6rBTwKamdgtaYOtHsHnwAnyJd7CmPVkJ+n+tJ:y0tgBUKjd/HsHw7CwkJ++tJ

Entry address:
0x30CB

Entry point:
0F, BE, EB, 0F, B7, D0, FE, CE, 69, F8, A0, 78, D8, 87, 0F, AF, EF, 8B, DE, 81, CE, AA, 19, 08, CD, FF, CA, 89, C8, E8, 14, 00, 00, 00, F7, C0, 5E, 9C, 05, C3, F2, FE, C2, F6, C6, 99, 01, ED, 81, FF, 06, 81, 00, 00, 5D, 8B, CA, 0F, AF, FE, 55, F6, C6, BD, 69, F3, 8D, 21, 4C, 14, 3B, C5, 8B, CF, 0B, FD, 8D, 0D, 0E, 15, 65, F2, 0A, DA, 8D, 15, 85, 9A, 82, 4D, 88, E0, 87, DE, F3, 81, EB, 15, 81, 12, 3F, EB, 02, FE, C2, 84, C2, 85, CA, C6, C2, 60, 8D, 3D, 18, 00, 00, 00, 2C, 0D, F2, 84, D6, 81, EF, 08, 00, 00...
 
[+]

Entropy:
7.9997  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file utherversesetup.exe has been seen being distributed by the following URL.

http://www.redlightcenter.com/GetDownload.aspx?did=1

Scan utherversesetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.