home

vip.exe

gabriel perez martinez

This is a setup program which is used to install the application. The file has been seen being downloaded from vip.9fx.us and multiple other hosts.
Publisher:
gabriel perez martinez  (signed and verified)

Description:
VIP by Movistar

Version:
0.2.68.0

MD5:
ef441e3b55864e7cf642c70f42c99f64

SHA-1:
374dc4d73b8dd35fcca34c5646e6357b9903c5fc

SHA-256:
a2ea85cc50a33207094faa7838b776f013bd8efc1d730fbc55ee51951e44e220

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/23/2024 6:18:54 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAtPSINF
1.3.0.7383

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

File size:
1.2 MB (1,249,160 bytes)

Copyright:
(c) 116331 & 138264

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\vip.exe

Digital Signature
Signed by:
gabriel perez martinez

Authority:
thawte, Inc.

Valid from:
6/3/2015 2:00:00 AM

Valid to:
6/3/2016 1:59:59 AM

Subject:
CN=gabriel perez martinez, OU=Individual Developer, O=No Organization Affiliation, L=fresno del camino, S=León, C=ES

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
482F657B343684676E9417FFE2B69EA9

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:aRmJkcoQricOIQxiZY1iav5Xwoi5lUuA63AUxeWj7HHPHr7hr:/JZoQrbTFZY1iav5goiAunxeAvL7l

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 
[+]

Code size:
514 KB (526,336 bytes)

The file vip.exe has been seen being distributed by the following 2 URLs.

http://vip.9fx.us/index.php/descarga/.../8-descargas-programa-vip-ejecutable?download=5:ejecutable-vip

http://touch.kaspersky.com/.../1452795524

Scan vip.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.