winpcap_4_1_2.exe

WinPcap 4.1.2

CACE Technologies, Inc.

The executable winpcap_4_1_2.exe (“WinPcap 4.1.2 installer”) has been detected as malware by 8 anti-virus scanners. The program is a setup application built with the Nullsoft Scriptable Install System installer.
Publisher:
CACE Technologies, Inc.  (signed and verified)

Product:
WinPcap 4.1.2

Description:
WinPcap 4.1.2 installer

Version:
4.1.0.2001

MD5:
acfc0958424bcc58bd252901b74a33e5

SHA-1:
d916c57c816c00668697bf0234e478bfea86202c

SHA-256:
012de978f1772f02e67c190ad5b7a296d43025d8c4e4d50c7f07fdfd0020dcf1

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/26/2024 1:46:26 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Mabezat [Wrm] | 160118-1 |
| AVG | Win32/Mabezat | 2015.0.4522 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| ESET NOD32 | Win32/Mabezat.A virus | 7.0.302.0 |
| McAfee | Virus.W32/Mabezat.c | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5087.0 |
| Norman | Win32.Worm.Mabezat.Gen | 11.01.2016 17:30:26 |
| VIPRE Antivirus | Threat.303962 | 46830 |

File size:
1 MB (1,070,399 bytes)

Copyright:
© 2005 - 2010 CACE Technologies, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\Program Files\cain\driver\winpcap_4_1_2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2008 12:00:00 AM

Valid to:
5/7/2011 11:59:59 PM

Subject:
CN="CACE Technologies, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="CACE Technologies, Inc.", L=Davis, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
489613E7DD6964B152A4E8F71813E76A

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:21IxM4kC4OeM29oYMHX2zCzna5nYEx2JRbd4ny:9mtzDxMHEC6nHAhdl

Entry address:
0x30FA

Entry point:
BB, 48, 53, AD, A4, 93, E9, 20, 01, 00, 00, 74, 1A, 7D, 79, 25, A9, 7D, 79, CD, F6, 0A, FD, FD, 7D, FD, FD, 8A, FD, FD, FD, 5C, 2E, 33, 2E, 2D, 2E, 36, 34, 33, FD, FD, FD, 71, 5E, 77, 62, 5F, 5E, 6A, 5E, 2B, 61, 69, 69, FD, FD, FD, FD, 59, FD, FD, FD, 43, 6F, 62, 62, 49, 66, 5F, 6F, 5E, 6F, 76, FD, 40, 6F, 62, 5E, 71, 62, 41, 66, 6F, 62, 60, 71, 6C, 6F, 76, 3E, FD, FD, FD, FD, 44, 62, 71, 54, 66, 6B, 61, 6C, 74, 70, 41, 66, 6F, 62, 60, 71, 6C, 6F, 76, 3E, FD, FD, FD, FD, 44, 62, 71, 4A, 6C, 61, 72, 69, 62...

Code size:
23.5 KB (24,064 bytes)
