winscp575setup.exe

WinSCP

Martin Prikryl

The executable winscp575setup.exe, “Setup for WinSCP 5.7.5 (SFTP, FTP and SCP client)”, has been detected as malware by 16 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from cdn.winscp.net.
Publisher:
Martin Prikryl

Product:
WinSCP

Description:
Setup for WinSCP 5.7.5 (SFTP, FTP and SCP client)

Version:
5.7.5

MD5:
cf6ef775ccf0c9ff18c8ec0dc36c9453

SHA-1:
cf986a6dce639b6aed3943adb6c58a862dd572a5

SHA-256:
5330ce8767d5358f6f90d55780c53127691b35d80c9cb3a625ed65d5639dd4f6

Scanner detections:
16 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 2:26:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Parite.B | 5813571 |
| avast! | Win32:Parite | 160118-1 |
| AVG | Win32/Parite | 2015.0.4477 |
| Clam AntiVirus | Win.Trojan.Application-1470 | 0.98/21326 |
| Dr.Web | Win32.Parite.2 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Parite | 10.0.0.5366 |
| ESET NOD32 | Win32/Parite.B virus | 7.0.302.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.W32/Pate.b | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.4990.0 |
| Norman | Win32.Parite.B | 11.01.2016 17:30:26 |
| Sophos | Virus 'W32/Parite-B' | 5.23 |
| VIPRE Antivirus | Threat.46249 | 46838 |

File size:
5.8 MB (6,039,510 bytes)

Product version:
5.7.5

Copyright:
(c) 2000-2015 Martin Prikryl

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winscp575setup.exe

File PE Metadata
Compilation timestamp:
7/9/2014 4:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:JIWD3QY5WZsNeiN4DZs4dH3CetKTlWDdOUimzSqg5X3+CCEn9+Vknzd159yh/8l5:JIogWe7UKNdHSWKTlSdOUXS1Z4Ed1597

Entry address:
0x33000

Entry point:
BB, 88, 9F, F2, 05, 90, BF, 1C, 30, 43, 00, 90, 68, 98, 05, 00, 00, 5E, 90, 31, 1C, 3E, 90, 90, 83, EE, 02, 83, EE, 02, 75, F3, 60, E2, F3, 05, 88, 9F, F2, 05, 88, 9F, B2, 05, 34, 8C, F3, 05, 00, EF, AB, 05, 5E, E8, AB, 05, 88, 2F, F0, 05, 77, 60, 0D, FA, B8, 0C, B3, 05, 6E, 0A, B3, 05, 78, 0A, B3, 05, AC, 8E, F3, 05, 6C, 0A, F3, 05, 66, 0A, F3, 05, B8, 8C, F3, 05, 6C, 0A, F3, 05, 66, 0A, F3, 05, 88, 9F, F2, 05, 88, 9F, F2, 05, 88, 9F, F2, 05, 88, 9F, F2, 05, 88, 9F, F2, 05, 88, 9F, F2, 05, 88, 9F, F2, 05...
 
Code size:
63.5 KB (65,024 bytes)

The file winscp575setup.exe has been seen being distributed by the following URL.
