blindwrite7_setup.exe

BlindWrite 7

VSO-SOFTWARE

This is a setup and installation application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from blindwrite.it.softonic.com and multiple other hosts.
Publisher:
VSO Software   (signed by VSO-SOFTWARE)

Product:
BlindWrite 7

Description:
BlindWrite 7 Setup

MD5:
27979dc3eb1be3f7c43642c7a031e73f

SHA-1:
8b357a5613b5f348e0105d9dbb84ef42550016ee

SHA-256:
f016b76a08090fc7a18e8e104cd8470977c523645ef203a0997aedc29030da43

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 9:45:18 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Suspicious
7.1.1

File size:
13.8 MB (14,457,872 bytes)

Product version:
7.0.0.0

Copyright:
2003 - 2009 VSO Software

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\blindwrite7_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/22/2012 7:00:00 PM

Valid to:
5/22/2015 6:59:59 PM

Subject:
CN=VSO-SOFTWARE, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=VSO-SOFTWARE, S=TOULOUSE, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71CE554954ADC837C1FD05FD4FB92F24

File PE Metadata
Compilation timestamp:
10/9/2012 3:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:p7Pb1RmOXrsD/VerSrmAz3TzhV4GXLUQYkOhN7KdpFmci:pDz7rIESrmAzR/TY7KBFi

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 
[+]

Entropy:
7.9991

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

Scheduled Task
Task name:
{5E659FD5-E543-4C56-9D13-9AF67F8AE1E4}

Trigger:
Registration (Runs on registration)


The file blindwrite7_setup.exe has been seen being distributed by the following 18 URLs.

https://blindwrite.it.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANLnJUMTL0duEOF2Tlbvaa5RfrLbxjfO8ODEYlZr2Fo1S4r1zDkkfGxCysFGcTeQjFUkZgwRkfGNiAZm2Wk7dUv0PB5wo0PD6oGT8w EL5XV01cMjIz/.../z3KF6vMOGHvIu5MswRSUmQSUny9Gybs1n8OlazP5oMtVE7hjw==

https://www.vso-software.fr/download_product_direct.php?product=blindwrite

http://filetarget.net/@_vso.php?pd=bw&dl=1

http://it.vso-software.fr/download_product_direct.php?product=blindwrite

http://gsf-cf.softonic.com/8b3/57a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16313&instance=softonic_en&type=PROGRAM&Expires=1440362577&Signature=VcONkOxo8VxHRrmMaLcGyNcX0tc8dKhzeohDNhcvp4jIHquJZHFazYH-j-5LIfa-dUHs1ES0wHZGzPHC4r0yrY-Cf3xasD3zS5PcJbffViT3pC4LW~2qMzyXh370B4zWWACCtzs7yWvOFxPUiRZISP6rNni9plJdmu-Ehu9sPRE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Blindwrite7_setup.exe

http://gsf-cf.softonic.com/8b3/57a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16313&instance=softonic_pl&type=PROGRAM&Expires=1445243879&Signature=XQcwxHT7~0d17zUBoZfwYtVoL2QLGjXjXMFoW7nu-lynfi5iaBpdlSWOdsOLfFpeWEhZSKhPvGKy63-pOm45A6a5zCADS8bIt28ssDRIw7pa3WklFPysd2IksSCWjmqIYOPjl12oi4efdRCF-gi9dVg8dNicFDh8uTD3HSHCJpM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Blindwrite7_setup.exe

Scan blindwrite7_setup.exe - Powered by Reason Core Security