home

vsubst_1.0.6.exe

Visual Subst

Alexander Avdonin

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with Visual Subst. The file has been seen being downloaded from www.netzwelt.de and multiple other hosts.
Publisher:
NTWind Software  (signed by Alexander Avdonin)

Product:
Visual Subst

Version:
1.0.6.0

MD5:
b183e3061dd2bfe8e090d553ffc85df4

SHA-1:
6c2c5118b4281bd1792ba532dd4b79727dc0bf10

SHA-256:
d2d4e1ab1aa92cffebf215b224d3d89e5ad0d77f01fa078167fb5a7dbb5353f5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 9:23:06 PM UTC  (today)

File size:
110.4 KB (113,096 bytes)

Product version:
1.0.6.0

Copyright:
© 2006-2008 NTWind Software

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vsubst_1.0.6.exe

Digital Signature
Signed by:
Alexander Avdonin

Authority:
The USERTRUST Network

Valid from:
2/26/2007 7:00:00 PM

Valid to:
2/27/2008 6:59:59 PM

Subject:
CN=Alexander Avdonin, O=Alexander Avdonin, STREET=Menshikovsky pr. 3-25, L=Saint Petersburg, S=Saint Petersburg, PostalCode=195067, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
3E5ABF29BA6BBDFBC0CB1793FE97875A

File PE Metadata
Compilation timestamp:
7/14/2007 11:12:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OYG6UVYxmJPbOrvlQwq32J+FoyGQ//FdDw:7hDrUm8FFGe

Entry address:
0x3265

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 78, 72, 40, 00, 6A, 08, A3, F4, 3F, 42, 00, E8, C7, 2A, 00, 00, A3, 44, 3F, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 00, F5, 41, 00, FF, 15, 54, 71, 40, 00, 68, 1C, 92, 40, 00, 68, 40, 37, 42, 00, E8, A3, 27, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 91, 27, 00, 00...
 
[+]

Entropy:
7.6493

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file vsubst_1.0.6.exe has been discovered within the following program.

Visual Subst  by NTWind Software
Publisher's description - “Visual Subst is a small tool that allows you to associate the most accessed directories with virtual drives. It uses an API similar to the console 'subst' utility, but makes it easier to create and remove virtual drives in a GUI way.”
www.ntwind.com/software/utilities/visual-subst.html
10% remove it
 
Powered by Should I Remove It?

The file vsubst_1.0.6.exe has been seen being distributed by the following 18 URLs.

https://www.netzwelt.de/.../9872_2-visual-subst.html?sig=ef9b0869a9c22198049531504c5a3ff3

https://visual-subst.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPSrYusXNoXmQc9Q4pHzEhsIv1rY9DnwGWoMMBNufET kM6iVPFssd2LvFPK1jSIL0h4Jk8T0bqr4VG8S3qgozoVmLJBga/FYAG7x9/.../ot1Y 0GSOWZePQ 6xoY3Anx0=

http://visual-subst.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPSrYusXNoXmQc9Q4pHzEhsIv1rY9DnwGWoMMBNufET kM6iVPFssd2LvFPK1jSIL0h4Jk8T0bqr4VG8S3qgozoVmLJBga/FYAG7x9/.../ot1Y 0GSOWZePQ 6xoY3Anx0=

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1448160019&Signature=GrX944hOWLmtPNJyYrdS3i1JNu97Lhwt0cJyuuCQCbS86JenNi0jk0UvtSB0Hs4L~5J0XFDInx4dbb1k1HREaibSvPwVdke235yTcrl9UOs9fSrqJ9smQy-nJZb87Fk6jxUq~DgsW2vy5vS1Y1L-2wHcDdJMgGUsYUiHWJbbKBU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1466312731&Signature=hzRaotgVa2AUGgiPr0q6qOy~g2FhlJuwudrjrwizbWQwKcRyQR4WskKmRfCoWrq-BmTzLpQSjv79P4fOIa~K58QU0Nv5HPRBeSvdxh0le0g7paSz8L~djm6rYuFwN74MNjR9eUDjoQzg9aa7ZsW8l08rDt-R26XG8Eu8A0lghA4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1466937918&Signature=FmWyN--YAYy0MoZITgFLuOIFe6vTwykwULDDWkl6UV0~aDa9RrcrC78nJQOnIUlCKUHuxk--GZDM1kj7-5KuyVjJ4NYA5Hc5CQnRP1QceRusPjQlQRD6So2dHBTumAnUcDlpZElLKKq9QrYdmCxGNVxAmf0nLcIWn1wqxOxUuMI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1460315870&Signature=iS9ac8xvMPlutRkSR-cpnDW~x0kDdjtzzRkAY5Qw6YLOM~it1RK2XJqwQkBIKLUeguuyHH9OEI6JN6du56XvlQUiPnrddJez6WdDp5XkxbqwwLrtgkQ8nb~FaxVWNIVDXUFyT9AF2Jx7RvkL14X7iMRCzq4YIYzSGoxHH8axiRA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1450421628&Signature=M7wMxNOjXXKs8cCbzGm~x9AFKjWyEuWHgCUAbjn6t6qg8s-wmRjUGWZePxs-~eMz3osUcwg3WhlATAaVnMy4TAy2VEafVmC74yzwdKdF1DBEr6Y4SmrKHFRlsm95w7B7gbnOdNB8qifW1F3JPJ-e8q9YdeQ8ILcQA7R1wAoTr7c_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1466316848&Signature=IvHWxgu4iLSARnRtBT~jMaLtXlRZsD2N0Ok-px5-qW87c8bS1NMTQAJIm4JtUGUWjysBa3ZydImQkJepREHCi11yo290M1W8EF3dw6wyJv9ssEDhdHPlaYmWnD8m8lH4~9uFRDSzVMTo0EYtfaoeUQ7OI6rlLtzIfcobD~KXaU8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://files.downloadnow.com/s/software/10/99/09/.../VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1458781190&Signature=Xh12Ji-glX~GLuT9WmwZpPGyOxM-kGX7tK8sFG9WPhcUwEiIAfsyemVQpYEPklNuhqk9Q-BM1t~-~09JIToLoEspsJ5KISKXloDCoKACWlbYDwCJ4iFxwuySoiJFslfRtaFydYj4UyjuO-d9cSOiCvO6trKsxljB1LN9AJCN6iA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1458513525&Signature=hXe~9DjbL8PHobdslqmFRKEpdrMurjLxPuykV6WNUaINKPv4XRIbaHf5lUIRckt4HOWrxtQjJ8rMKHEm6LjLlkS~XFndMKfuN-QbvO2GqqCwAb01BayIFVViFLs1ITD1FNFfhQbvXdi93mObFZUaQwUR0Nlh1i899Jhv3krBZZ0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1458400122&Signature=BbhOrXB2cO5L5eASVak2Dq58zplk~FdNoBdri6xsePvCHi~SIOTjCF~ImvR9scTzYiwjzqkSwgdyt9yOse7YoNCH5e~-9no1mhj~L2hCGWUlvoHCGF0tsHFEGdmbT4MMQEx4-7HsmxekU5j8HxaYz~aUBPLB3~7yf2i5nilRXCE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1456889842&Signature=GHdttSTj9~LpnU5Y2onpyeqBE8xOMj-QzjpXY6b~I5ffH4OCd1ah3BTc5012th9ssI88gaqqcM0cIWxP021oj~4RtUSG~TgdDdVuGC~tahSSV4pM2LduGWtwOT6A1HnKeoptFbEjbMNm5Y1~KvYd6l~SQzQlFEvhpJvr3Oq0XLQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://gsf-cf.softonic.com/6c2/c51/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55994&instance=softonic_en&type=PROGRAM&Expires=1452908109&Signature=COdkdtQD-tlqqN6ox0BhzXWH8se5jlXevyMsbBAlYsx1ECIw37InHAxq0f-G2IAIQVt4tMVguS9bvLWCMbjI4RgWfqB7EnMP4MrbpiGrS6cc60bbHlDqwOevGOP-VV3mTJQ4-iSLB2P~n-d0AaT1-YJgh98gvowpSCnNUCCx0kE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VSubst_1.0.6.exe

http://software-files-a.cnet.com/s/software/10/99/09/.../VSubst_1.0.6.exe

http://files.ntwind.com/.../VSubst_1.0.6.exe

http://www.ntwind.com/.../VSubst_1.0.6.exe

Scan vsubst_1.0.6.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.