home

{blocked}.exe

RoboForm

AVAST Software a.s.

This is a setup and installation application. The file has been seen being downloaded from wgtot23.digitalriver.com and multiple other hosts.
Publisher:
Siber Systems  (signed by AVAST Software a.s.)

Product:
RoboForm

Description:
RoboForm Installer and Uninstaller

Version:
7-6-3

MD5:
40fd854708d736b9f285c2d5c3068f74

SHA-1:
00de40bf92177f8de4f5af62e279c29e69e41d48

SHA-256:
052a1d2373ec48e08a9cbde60f42a9861ba4119215d9e9f0f19433cddaac4f86

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/28/2024 2:45:19 AM UTC  (today)

File size:
7.4 MB (7,796,120 bytes)

Product version:
7-6-3

Copyright:
Copyright (C) 1999-2011 Siber Systems Inc.

Original file name:
rfwipeout.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads vechi\avast_easypass_setup.exe

Digital Signature
Signed by:
AVAST Software a.s.

Authority:
GlobalSign nv-sa

Valid from:
7/4/2011 11:47:04 AM

Valid to:
7/4/2014 11:47:04 AM

Subject:
E=vlcek@avast.com, CN=AVAST Software a.s., O=AVAST Software a.s., L=Praha 4, S=CZ, C=CZ

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112199FB57A8EF0D2D6B25BB68D88DF245B5

File PE Metadata
Compilation timestamp:
12/1/2011 12:39:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:eyogOZTpkdHHwIaChxmSxFHkwKq1r0bLxfUoP:O9ZTIQEhxtxFHkwNA8oP

Entry address:
0x2802E

Entry point:
E8, 04, 81, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 4F, 22, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 92, 75, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 2A, 22, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 76, 08, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, F9, 21, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16...
 
[+]

Entropy:
7.9821  (probably packed)

Code size:
250 KB (256,000 bytes)

The file {blocked}.exe has been seen being distributed by the following 3 URLs.

http://wgtot23.digitalriver.com/wgt/9B5A4FCEF11DA80C/186F732D33901628BF4EB58EB089625E2F108719B30B44AB653A3498544FBE77298DE6AC8DCF8311C662EF68FA410922E4D6148AEE5C17D3B1C150D8F214B86E97A693A7BBF30D56/.../avast_easypass_setup.exe

http://wgtot23.digitalriver.com/wgt/9B5A4FCEF11DA80C/186F732D339016287447FB16E627B6B8678737F55D197B03920B29C1850B43AF8F7BAB80AA8A70EAC662EF68FA410922DB60E7BE2D59768692DBD0B0FD4D0DE897A693A7BBF30D56/.../avast_easypass_setup.exe

http://wgtot23.digitalriver.com/wgt/9B5A4FCEF11DA80C/186F732D3390162891F15075FA26DFA2FC265B0D0E66DDD7653A3498544FBE775D12196B86831618DBC98397FD476D24F7E69B8E9494B45D3FCFF6D3FADD636397A693A7BBF30D56/.../avast_easypass_setup.exe

Scan {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.