» гистология лечпедмедпроф 2012 - копия.exe
Overview
Analysis
File Details
Downloads (1)

гистология лечпедмедпроф 2012 - копия.exe

Adit Testdesk

Adit Software

This is a setup program which is used to install the application. The file has been seen being downloaded from cloclo18.datacloudmail.ru.

File name:

Publisher:

Adit Software

Product:

Adit Testdesk

Description:

Adit Testdesk Embedded Tester

Version:

2.50.2276

MD5:

88a505b19617e2b49fbd2440f02798b7

SHA-1:

df06b8da203dc7335680fcd67a2f0603b1f54f65

SHA-256:

a512d1ea02e7d76579f58e70a13272b28fb2fc82f297e363eccaa0f864f49e78

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/23/2024 2:26:18 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48

23.00.65.15321

Trend Micro House Call

Possible_Virus

7.2.82

Trend Micro

Possible_Virus

10.465.23

File size:

8.8 MB (9,205,753 bytes)

Product version:

2.50.2276

Original file name:

Testviewer.c32

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

5/22/2012 12:25:30 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:CCeEG256W27eBKAZRb4wlMAXqa/YryP4RkK86MSS:teEx56vujZRbhM6tQrx1U

Entry address:

0xF8F000

Entry point:

EB, 05, FE, D2, 97, 96, EB, 50, EB, 04, B9, 1D, A6, 4A, E8, 19, 00, 00, 00, EB, 04, C6, DD, 11, 0F, EB, 03, 8D, 94, 07, 33, C0, EB, 01, 7A, 71, 64, EB, 05, FF, 9F, DA, F9, 4A, EB, 03, C1, A0, A8, B8, 3A, 48, F9, F6, EB, 03, 65, 8E, 96, EB, 03, D0, 5C, 51, 05, C6, B7, 06, 09, EB, 05, C7, 98, EC, C3, 06, 75, 3B, EB, 03, B9, C1, C3, 64, FF, 30, EB, 05, FF, 8C, A2, 49, D0, 64, 89, 20, EB, 01, 02, EB, 04, 89, A5, BA, 2F, 8B, 10, EB, 03, D2, 76, 31, 64, 8F, 00, EB, 03, F6, 9E, B8, 83, C4, 04, EB, 03, 69, 46, 46... 
[+]

Code size:

9.4 MB (9,827,840 bytes)

The file гистология лечпедмедпроф 2012 - копия.exe has been seen being distributed by the following URL.

https://cloclo18.datacloudmail.ru/weblink/get/.../?????????? ????????????? 2012 - ?????.exe

Scan гистология лечпедмедпроф 2012 - копия.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.