call_of_juarez_bound_in_blood_1.1_en_fr_sp_it_de_pl.exe

Techland

This is a setup program which is used to install the application. The file has been seen being downloaded from redakcja.pccentre.pl and multiple other hosts.
Publisher:
Techland  (signed and verified)

MD5:
4b38595f0f548f338c513fc10ee9d734

SHA-1:
10dfac1114376969f09d9ea9d767c02fb437a6b1

SHA-256:
6a0a73bbb20aff9b193e317c4b053524dfa879ac4000e13c82a54e162b0ea7b8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:27:40 AM UTC  (today)

File size:
58 MB (60,818,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installers\call_of_juarez_bound_in_blood_1.1_en_fr_sp_it_de_pl.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/23/2008 2:00:00 AM

Valid to:
4/28/2011 1:59:59 AM

Subject:
CN=Techland, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Techland, L=Wroclaw, S=Wroclaw, C=PL

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1AD0453D33F8412615340D5FDDFC6A10

File PE Metadata
Compilation timestamp:
9/2/2009 11:41:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1572864:j9G2yGNKQ5X+QV05xIwSuVYIlCq7Z7fMg:5sFm/V07IwtSLqdzMg

Entry address:
0x2A26

Entry point:
E8, 89, 41, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, 6F, 18, 00, 00, 89, 45, 0C, 8B, 46, 0C, A8, 82, 59, 75, 17, E8, 5E, 0D, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2D, 01, 00, 00, A8, 40, 74, 0D, E8, 43, 0D, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, A8, 10, 89, 5E, 04, 0F, 84, 85, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 66, A9, 0C, 01, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, 75, 2C...
 
[+]

Code size:
56 KB (57,344 bytes)

The file call_of_juarez_bound_in_blood_1.1_en_fr_sp_it_de_pl.exe has been seen being distributed by the following 2 URLs.