home

xp68-win-ip7200-5_60a-ea32_2.exe

Canon Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from pdisp01.c-wss.com and multiple other hosts.
Publisher:
Canon Inc.  (signed and verified)

MD5:
69b11c203f391bfb98fafbde166e4d79

SHA-1:
c9c8184f2c7bb86c62655405fd2316e9f84df81f

SHA-256:
9e6299f7d8974fb68780cc5ffd665b366f20f899ad297bd06b63ea6d8ce04ff7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/9/2024 8:57:59 PM UTC  (today)

File size:
26.2 MB (27,422,288 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\xp68-win-ip7200-5_60a-ea32_2.exe

Digital Signature
Signed by:
Canon Inc.

Authority:
VeriSign, Inc.

Valid from:
4/16/2012 2:00:00 AM

Valid to:
4/17/2013 1:59:59 AM

Subject:
CN=Canon Inc., OU=Inkjet System Development Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Canon Inc., L=Kawasaki-shi, S=Kanagawa, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72ACD79546C6E0B523B123D763EFE617

File PE Metadata
Compilation timestamp:
11/2/2009 9:24:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
786432:nuWPLM+OT95Q+fx6Or0zZkbeqDcXrfsoKLL3:uy3OTwi6Or2ZkbfcXrUoKLL3

Entry address:
0x1479F

Entry point:
E8, 02, 67, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, D8, C9, 42, 00, 75, 02, F3, C3, E9, 82, 67, 00, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 18, 48, 41, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 54, E6, 00, 00, 8B, 45, 0C, 8B, 40, 04, 83...
 
[+]

Code size:
144 KB (147,456 bytes)

The file xp68-win-ip7200-5_60a-ea32_2.exe has been seen being distributed by the following 15 URLs.

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ARH&lang=EN

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=SE

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ACY&lang=EN

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=FR

https://d3.driverscollection.com/6e9c7e42b3f7/29dfee8c81b28657b75b29c2e4fe39dbdbc9eb749d86bf2d315fb8462972874c99583e19c0836385814f60264093215d5829ee99/4/32/10/.../xp68-win-ip7200-5_60a-ea32_2.exe

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ACB&lang=EN

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=ES

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ARH&lang=ES

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=IT

http://s6224.chomikuj.pl/File.aspx?e=TAwD3sRb7DvxA5nJ25A8KckHWBnozzRfPYUDR8ayIp_qwjtMS3Kz6E_Mnf3-8EW1Jrs6fkWxN4lUsuOY2G66fPoOWGnFJPsj_37amsM78cldiiX2a4MNVXB7W4ysiL4RuFPivEsbqgg01BS-O-elm0c9GDCvb4w1aNlPjOMfEC4&pv=2

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=DE

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=EN

http://gdlp01.c-wss.com/gds/8/0100004548/.../xp68-win-ip7200-5_60a-ea32_2.exe

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=DK

http://pdisp01.c-wss.com/.../WWUFORedirectTarget.do?id=MDEwMDAwNDU0ODAy&cmp=ABX&lang=NL

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.