home

windows6.1-kb976932-ia64.exe

Self Extracting Stub

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from www.download3k.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Self Extracting Stub

Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)

MD5:
c0a186b85239bfab823b22ff74c192b2

SHA-1:
1ab97593f6f625392ca90b18f7617b0797a46f1c

SHA-256:
12f82b736f6d29813ab7c93e10b6cbe308e7e9236428f624dc614447fe24f6be

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/19/2024 5:37:43 AM UTC  (today)

File size:
511.6 MB (536,437,704 bytes)

Product version:
6.1.7601.17514

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SfxStub.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\windows6.1-kb976932-ia64.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
12/8/2009 12:57:40 AM

Valid to:
3/8/2011 12:57:40 AM

Subject:
CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6115230F00000000000A

File PE Metadata
Compilation timestamp:
11/20/2010 11:18:52 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12582912:d+osZEMP/M2AtIh5olNosX8IBB9UGYnJlhEvOq5SJj:YoVMnM7KclNQm9UGGFGoJj

Entry address:
0x2290

Entry point:
E0, 48, 01, 01, 00, 00, 00, 00, 00, 60, 22, 01, 00, 00, 00, 00, 40, 49, 01, 01, 00, 00, 00, 00, 00, 60, 22, 01, 00, 00, 00, 00, A0, 4B, 01, 01, 00, 00, 00, 00, 00, 60, 22, 01, 00, 00, 00, 00, B0, 22, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 49, 6E, 76, 61, 6C, 69, 64, 20, 70, 61, 72, 61, 6D, 65, 74, 65, 72, 20, 70, 61, 73, 73, 65, 64, 20, 74, 6F, 20, 43, 20, 72, 75, 6E, 74, 69, 6D, 65, 20, 66, 75, 6E, 63, 74, 69, 6F, 6E, 2E, 0A, 00, 00, 00, 00, 00, 00, 00, 00, A0, 51, 01, 01, 00, 00, 00, 00...
 
[+]

Entropy:
7.9944  (probably packed)

Code size:
136 KB (139,264 bytes)

The file windows6.1-kb976932-ia64.exe has been seen being distributed by the following 5 URLs.

http://www.download3k.com/DownloadLink2-Windows-7-Service-Pack-1.html

http://download.windowsupdate.com/msdownload/update/software/updt/2009/.../windows6.1-kb972813-x64-pl-pl_6b228326c2f7ef6406242671600b499746ff3454.exe

http://www.download3k.com/DownloadLink3-Windows-7-Service-Pack-1.html

https://download.microsoft.com/download/0/A/F/.../windows6.1-KB976932-IA64.exe

http://download.microsoft.com/download/0/A/F/.../windows6.1-KB976932-IA64.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.