cabri2plus_143_spanish.exe

Cabrilog S.A.S.

This is a setup program which is used to install the application. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Publisher:
Cabrilog  (signed by Cabrilog S.A.S.)

Description:
Cabri II Plus 1.4.3

Version:
1.4.3

MD5:
8763d410bb4a827bdd0fee7afd3ed3f0

SHA-1:
f4353aa15e9da0195d000f17d83ed7d4df210d6c

SHA-256:
0bfac34e3d04f7c7865402123b94d363fb532efefe5a9cd401e3de7cb7c0437d

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 10:27:30 PM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
BScope.Trojan-Spy.Zbot
3.12.26.4

File size:
55.8 MB (58,509,448 bytes)

Copyright:
Cabrilog

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cabri2plus_143_spanish.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/25/2008 9:00:00 PM

Valid to:
2/25/2010 8:59:59 PM

Subject:
CN=Cabrilog S.A.S., OU=Secure Application Development, O=Cabrilog S.A.S., L=Grenoble, S=NA, C=FR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0E238C1DB647DBB9AA1E8BC34BEA85C4

File PE Metadata
Compilation timestamp:
1/29/2004 3:13:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
1572864:h6e+FEs1IxcnSHSJrPBT4Bn1I20QhzOlDzSHJOiPEB:4eO96EJrJT4VPVhzOlD2HJOIEB

Entry address:
0x39E0

Entry point:
81, EC, 20, 0F, 00, 00, 56, 57, 6A, 04, FF, 15, 0C, 61, 40, 00, 33, FF, 89, 7C, 24, 40, 89, 7C, 24, 24, 89, 7C, 24, 20, 89, 7C, 24, 28, 89, 7C, 24, 1C, FF, 15, A4, 60, 40, 00, 8A, 08, 80, F9, 22, 89, 44, 24, 30, 75, 2A, EB, 05, 80, F9, 22, 74, 10, 40, 8A, 08, 84, C9, 89, 44, 24, 30, 75, F0, 80, F9, 22, 75, 17, 40, 89, 44, 24, 30, EB, 10, 80, F9, 20, 74, 10, 40, 8A, 08, 89, 44, 24, 30, 84, C9, 75, F0, 80, 38, 20, 75, 0A, 40, 80, 38, 20, 74, FA, 89, 44, 24, 30, 8A, 10, 80, FA, 2F, 74, 1B, 8B, C8, EB, 08, 80...
 
[+]

Code size:
19.5 KB (19,968 bytes)

The file cabri2plus_143_spanish.exe has been seen being distributed by the following 2 URLs.

Scan cabri2plus_143_spanish.exe - Powered by Reason Core Security