» VB Decompiler.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

VB Decompiler.exe

VB Decompiler

DOTFIX SOFTWARE

It runs as a scheduled task under the Windows Task Scheduler. This file is installed with the program VB Decompiler Pro.

File name:

VB Decompiler.exe

Publisher:

DOTFIX SOFTWARE (signed and verified)

Product:

VB Decompiler

Description:

VB P-Code, Native Code Decompiler

Version:

8.03.0538

MD5:

95f3a2b51f977dc95a2a1838c06b49d1

SHA-1:

ad6de6bf4b13fc1fc4c2e8c61f02dcca3af50772

SHA-256:

4c1ea4a8a06bce043728895fc9700853d9594ed669cfa5af6786a27476c3aab1

Scanner detections:

4 / 68

Status:

Clean (4 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 4:09:41 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Suspicious

7.1.1

Bkav FE

W32.Cloddbe.Trojan

1.3.0.4613

McAfee

Artemis!95F3A2B51F97

5600.7267

Trend Micro House Call

TROJ_GEN.F47V1031

7.2.362

File size:

3.5 MB (3,690,176 bytes)

Product version:

8.03.0538

Original file name:

VB Decompiler.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\vb decompiler pro\vb decompiler.exe

Digital Signature

Signed by:

DOTFIX SOFTWARE

Authority:

VeriSign, Inc.

Valid from:

7/10/2011 8:00:00 AM

Valid to:

7/10/2012 7:59:59 AM

Subject:

CN=DOTFIX SOFTWARE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DOTFIX SOFTWARE, L=Tula, S=Tulskaya obl., C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6B078FDCA54C390683B44D59AB1B726B

File PE Metadata

Compilation timestamp:

8/31/2011 3:46:07 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:TSf5f1neAdXxl1HbMM6lTOLAhUKX/+AFKTHjrL7fQMVM4RMMhMbrrhfJ5meGcW:2fVLX7GMMOL/gGAFKjjr/+pX5GcW

Entry address:

0x88C2D8

Entry point:

60, E8, 00, 00, 00, 00, 5D, 81, ED, 06, 00, 00, 00, 81, ED, D8, C2, 88, 00, E9, 4C, 00, 00, 00, 45, 4E, 49, 47, 4D, 41, 02, 46, DB, 07, 08, 00, 1E, 00, 13, 00, 2E, 00, 2A, 00, D1, E0, 48, AA, C8, BE, D7, 26, 54, 68, E1, CA, 3D, A8, D7, CC, 48, BD, 40, EF, 01, 00, 00, 00, 89, 8A, 47, 27, 78, 91, 08, 0E, 2F, 0F, 26, 2B, 9E, 3E, C9, 79, 11, C8, FD, 23, D4, A8, 68, 08, 05, CF, DB, 57, E3, DF, EB, B5, E9, 04, 00, 00, 00, 41, 2A, 3E, A8, B8, D8, C2, 88, 00, 03, C5, 81, C0, 93, 00, 00, 00, B9, 2A, 06, 00, 00, BA... 
[+]

Entropy:

7.9596

Packer / compiler:

ASPack v1.08.04

Code size:

2.5 MB (2,650,112 bytes)

Scheduled Task

Task name:

{8BF2AD88-D5C7-46A5-A3CB-09B5E5D8609C}

Trigger:

Registration (Runs on registration)

The file VB Decompiler.exe has been discovered within the following program.

VB Decompiler Pro by DotFix Software

Publisher's description - “VB Decompiler is decompiler for programs (EXE, DLL or OCX) written in Visual Basic 5.0 and 6.0 and disassembler for programs written on .NET technology. As you know, programs in Visual Basic can be compiled into interpreted p-code or into native code. .”

www.vb-decompiler.org

5% remove it

Scan VB Decompiler.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.