home

ar500enu.exe

PackageForTheWeb Stub

InstallShield Software Corporation

The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from dbill.ptcl.net.pk.
Publisher:
InstallShield Software Corporation

Product:
PackageForTheWeb Stub

Version:
2.02.001

MD5:
535a94ae1cc245d5a5e5ae1eddaaebb1

SHA-1:
a59bb70bf418067bb2323992ff6c2b6376c05b01

SHA-256:
8d69d18ee9901b8445feea949ac7b3c9e74a132805946d4b6a5bea7201f4d679

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 7:52:38 AM UTC  (today)

File size:
8.5 MB (8,893,800 bytes)

Product version:
2.02.001

Copyright:
Copyright © 1996 InstallShield Software Corporation

Original file name:
STUB32.EXE

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ar500enu.exe

File PE Metadata
Compilation timestamp:
3/26/1998 7:31:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
196608:nZFkAvtkMbVOn2AYSr/3C9FYWKrRSVSupLiP2obW8cZ6Hf4rjjcaR:ZFkAvtwnjYSWQWuohAPDW8I8+caR

Entry address:
0xC110

Entry point:
60, 69, ED, 4D, 71, B5, FF, C6, C3, 41, 30, CD, 11, CF, 3B, F0, 2A, F8, 78, 08, 81, F7, 14, CD, 76, 5A, B5, 8B, 87, CA, 88, C3, 8D, 05, 86, 6D, 04, C2, 74, 0E, 8B, DF, C7, C1, 01, 20, E9, A3, 8D, 0D, 57, 0A, B1, 0A, F2, C6, C7, 06, 8B, C0, 8B, C8, 0F, B6, CE, 8D, 28, 87, DF, 0F, AF, D7, 0F, B7, D1, EB, 0A, 69, C7, 8F, D1, CD, 7F, 04, 31, FF, CB, 33, F5, 0F, AF, F9, 24, D8, 89, F2, EB, 03, F2, 85, C9, C7, C2, AC, 67, C1, 92, 69, D7, 40, B1, 6E, 3C, 0F, AF, FA, C6, C2, 2F, E8, 19, 00, 00, 00, EB, 08, 0F, AF...
 
[+]

Entropy:
7.9966  (probably packed)

Code size:
67.5 KB (69,120 bytes)

The file ar500enu.exe has been seen being distributed by the following URL.

https://dbill.ptcl.net.pk/.../ar500enu.exe

Scan ar500enu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.