» c210-64.exe
Overview
Analysis
File Details
Downloads (1)

c210-64.exe

Windows Internet Explorer

Stamps.com

This is a setup program which is used to install the application. The file has been seen being downloaded from stamps.custhelp.com.

File name:

c210-64.exe

Publisher:

Microsoft Corporation (signed by Stamps.com)

Product:

Windows® Internet Explorer

Description:

Win32 Cabinet Self-Extractor

Version:

8.00.7600.16385 (win7_rtm.090713-1255)

MD5:

df083f48f0488a35195fd2f33903556f

SHA-1:

00248446ec3406a7dfa6b02f873038f6900827c3

SHA-256:

4cd8ce860e631d3f8438813617b4b65a9e481c0a9bc26daaf4231ee8d79bf7a7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

1/13/2025 4:18:01 PM UTC (today)

File size:

855.4 KB (875,904 bytes)

Product version:

8.00.7600.16385

Original file name:

WEXTRACT.EXE .MUI

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\c210-64.exe

Digital Signature

Signed by:

Stamps.com

Authority:

VeriSign, Inc.

Valid from:

1/14/2010 4:00:00 PM

Valid to:

1/19/2011 3:59:59 PM

Subject:

CN=Stamps.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Development, O=Stamps.com, L=Los Angeles, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

55013DA6E5C8053B25CCCDAAFE49EE56

File PE Metadata

Compilation timestamp:

7/13/2009 4:58:27 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:XK3D4laBy90cTXgPI0+vZRuu8pyFct2iJxLeS6Evv0i2Kl8fKGC4UXS2V8ptP:WVByyPIjsusy0LeS6uxl8fqVXS2V8P

Entry address:

0xC9C8

Entry point:

48, 83, EC, 28, E8, F3, 02, 00, 00, 48, 83, C4, 28, E9, DA, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 09, 27, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 70, 03, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 45, 8B, 18, 48, 8B, DA, 4C, 8B, C9, 41, 83, E3, F8, 41, F6, 00, 04, 4C, 8B, D1, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8, 4C, 23, D1, 49... 
[+]

Entropy:

7.8930 (probably packed)

Code size:

54 KB (55,296 bytes)

The file c210-64.exe has been seen being distributed by the following URL.

https://stamps.custhelp.com/ci/fattach/get/29774/0/session/L2F2LzEvdGltZS8xNDM4NjA3NDY5L3NpZC9wQmhzRi1zbQ==/.../c210-64.exe

Scan c210-64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.