CitrixOnlinePluginFull.exe

Citrix ICA Client

Citrix Systems, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from www.krihio.ir and multiple other hosts.

Publisher:
Citrix Systems, Inc.  (signed and verified)

Product:
Citrix ICA Client

Description:
Citrix online plug-in

Version:
12.3.0.8

MD5:
7184552c6cb74cff75da8f0bac447cb5

SHA-1:
52cf652e64fff77dbf9692adfc6b9a382ae31cd3

SHA-256:
5a90929694fe42eef5da7cd73dabbac07deaca8d44e753e62ba2f8d7a78a1c23

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 8:43:41 PM UTC  (today)

File size:
16.3 MB (17,143,752 bytes)

Product version:
12.3.0

Copyright:
Copyright (c) 1990-2010 Citrix Systems, Inc.

Original file name:
CitrixOnlinePluginFull.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\citrixonlinepluginfull.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
3/21/2011 7:00:00 PM

Valid to:
3/31/2012 6:59:59 PM

Subject:
CN="Citrix Systems, Inc.", OU=XenApp Engineering (Client), OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Citrix Systems, Inc.", L=Fort Lauderdale, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72BE6C01F1C9A33C319B06676A3BA1B7

File PE Metadata

Compilation timestamp:
3/28/2012 2:42:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
393216:+cSHmckqVmm4Z5C6JEWj9999999zxUnbT+/RF6KCTmImDOCiNB:THcal9mY9999999zoT+GZiImDRYB

Entry address:
0x256AF

Entry point:
E8, 99, 72, 00, 00, E9, 17, FE, FF, FF, 8B, 44, 24, 04, 8B, D0, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 66, 8B, 4C, 24, 08, 48, 48, 3B, C2, 74, 05, 66, 39, 08, 75, F5, 66, 8B, 10, 66, 2B, D1, 66, F7, DA, 1B, D2, F7, D2, 23, C2, C3, 6A, 0C, 68, E8, 13, 46, 00, E8, 4B, 12, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 48, B2, 46, 00, 03, 75, 43, 6A, 04, E8, 63, 74, 00, 00, 59, 83, 65, FC, 00, 56, E8, 74, 75, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 90, 75, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF...

Entropy:
7.9924  (probably packed)

Code size:
328 KB (335,872 bytes)

The file CitrixOnlinePluginFull.exe has been seen being distributed by the following 48 URLs.