aldo_cambio_di_guastalla.exe

Primi Libri

vbscuola

This is a setup program which is used to install the application. The file has been seen being downloaded from www.webalice.it.

Publisher:
vbscuola

Product:
Primi Libri

Description:
Libro elettronico

Version:
5.01

MD5:
f78a23a31b2a9b6f60c5fef66c7e79fe

SHA-1:
f7a35ea8df8e4b72558c694420d6c6dfb8769127

SHA-256:
8c39982e048d96fc5fba92033052775e6ed78b898be7ab34389bcbac3a14fea9

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/26/2024 12:50:11 AM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.Packed | 1.3.0.6379
Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015
Trend Micro House Call | Suspicious_GEN.F47V0301 | 7.2.20

File size:
3.1 MB (3,266,128 bytes)

Product version:
5.01

Copyright:
vbscuola 2009

Original file name:
LibroModello.exe

File type:
Executable application (Win32 EXE)

Language:
Italian (Italy)

Common path:
C:\users\{user}\downloads\aldo_cambio_di_guastalla.exe

File PE Metadata
Compilation timestamp:
3/21/2009 12:31:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:C5IUD4UdrZpfoOO+faE2d4RvgTlrU1WDnXA6:C5IxUdrZSO/SNmRIWSl

Entry address:
0x11D4

Entry point:
68, 9C, 1D, 40, 00, E8, F0, FF, FF, FF, 00, 00, 58, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, EE, 28, 9B, 62, C3, D5, A7, 4B, 94, D8, EB, B7, 96, C5, 5E, EB, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 69, 62, 72, 6F, 5F, 4D, 6F, 64, 65, 6C, 6C, 6F, 5F, 50, 52, 49, 4D, 49, 4C, 49, 42, 52, 49, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 03, 00, 00, 00, 65, 13, 35, 7B, 88, F8, 9B, 46...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
120 KB (122,880 bytes)

The file aldo_cambio_di_guastalla.exe has been seen being distributed by the following URL.
