» whacko_avs_iv.exe
Overview
Analysis
File Details
Downloads (1)

whacko_avs_iv.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.nullsoft.com.

File name:

whacko_avs_iv.exe

MD5:

75887f23018045f4f681b0fe188eacc0

SHA-1:

5825ae5f1c5d0fcec5a968979d80c7e142637c74

SHA-256:

81ebda14e176011d3c7dfde640be60b352c7c9f9b360f3d46a5dbba9af1871e7

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 6:47:10 AM UTC (today)

Scan engine

Detection

Engine version

Trend Micro House Call

Suspicious_GEN.F47V0415

7.2.1

File size:

241.3 KB (247,089 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\whacko_avs_iv.exe

File PE Metadata

Compilation timestamp:

2/7/2002 3:31:06 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:Pl97uhbPNqSXn8s48XC3XScsdhEybuXtX:PltUqSX/IpuEt9X

Entry address:

0x45E3

Entry point:

83, EC, 0C, 53, 56, 57, FF, 15, B4, 70, 40, 00, 05, E8, 03, 00, 00, BE, E0, DF, 41, 00, 89, 44, 24, 10, B3, 20, FF, 15, 28, 70, 40, 00, 68, 00, 04, 00, 00, FF, 15, 20, 71, 40, 00, 50, 56, FF, 15, 28, 71, 40, 00, 80, 3D, E0, DF, 41, 00, 22, 75, 08, 80, C3, 02, BE, E1, DF, 41, 00, 8A, 06, 8B, 3D, F0, 71, 40, 00, 84, C0, 74, 0F, 3A, C3, 74, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 80, 3E, 00, 74, 05, 56, FF, D7, 8B, F0, 89, 74, 24, 14, 80, 3E, 20, 75, 07, 56, FF, D7, 8B, F0, EB, F4, 80, 3E, 2F, 75, 21... 
[+]

Packer / compiler:

Nullsoft PiMP Install System v1.x

Code size:

24 KB (24,576 bytes)

The file whacko_avs_iv.exe has been seen being distributed by the following URL.

http://download.nullsoft.com/customize/component/2002/3/30/.../Whacko_AVS_IV.exe

Scan whacko_avs_iv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.