VundoFix.exe

VundoFix

Atribune.org

This is a setup program used to install the application. The file has been seen downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Atribune.org

Product:
VundoFix

Description:
VundoFix.exe

Version:
7.00.0006

MD5:
47c30bc6c5161307ea9b8b12ba8b5af9

SHA-1:
0d3371b04ac5836531be4c282e4af89ab37061b6

SHA-256:
c5f067671135a3786712f6eb9ac9ac24ecb713d0c27bc39b51bbe9dbbbd57729

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 2:22:01 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14C5C4D8!348505304 | 23.00.65.14326 |

File size:
117 KB (119,808 bytes)

Product version:
7.00.0006

Copyright:
© atribune.org

Original file name:
VundoFix.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vundofix.exe

File PE Metadata
Compilation timestamp:
6/21/2008 4:19:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:PlAv1QNY8nHBhrmVTBgh3Ral0ETwVf0JZjhK6txrbXG3p:nH3XRazTUShK6txrze

Entry address:
0x3F80

Entry point:
B8, 5C, 53, 4A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, E9, F2, B7, F7, 50, 04, 38, A4, E3, AF, 3D, 35, DE, 07, 8E, 67, D7, AD, F7, 05, 34, A4, A4, 76, 73, B5, E5, 6B, 01, D4, 53, 42, C8, BB, DC, DC, 0B, 3D, 12, 9B, 31, 8F, E2, E6, A9, BF, EB, C7, 48, 77, 11, 02, 66, 4A, F0, BE, 0E, BB, D1, 45, 0C, E5, 9E, 4E, AB, 96, 04, 4E, 1C, 04, C5, 92, FC, B6, D3, 72, EF, 84, 8B, F3, 12, DC, 93, F7, 7F, 13, 43, FC, 64, 84, 6E, 93, A9...
 

Entropy:
7.8643

Packer / compiler:
PECompact v2

Code size:
588 KB (602,112 bytes)

The file VundoFix.exe has been seen being distributed by the following 6 URLs.

http://gsf-cf.softonic.com/0d3/371/.../file?SD_used=0&channel=WEB&fdh=no&id_file=73394&instance=softonic_en&type=PROGRAM&Expires=1441270058&Signature=JX5y9-zs0ACcSdLe6H8xA~ZjrQuO-YWxJS1~YqdPKEaII9MtGa0YvetnyEDh1Gexe7lZVhBZG5ZXLhA3AyfHkAqewVqfStjlsrXHv6FNoDJ~K-A-0iS4KJJ68wqEoght45Lam4LzC~Aah9GrfZ3HaGTz7KzQEO6P6Z7LJOVjihU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=VundoFix.exe
