connectblue.exe

Win32 Cabinet Self-Extractor

Microsoft Corporation

This is a setup program used to install the application. The file has been seen being downloaded from dialer.connect.net.pk.

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.3790.0 (srv03_rtm.030324-2048)

MD5:
d5c6fd934e89eb417de8bd297d83ef1a

SHA-1:
35046c62aa1108427d3f77d62e2d8a628df5b4a4

SHA-256:
946a4fd426ff6e9c50ae147ca47d6e5089c867f03390229625efee1ad4254116

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 11:27:05 AM UTC

File size:
798.5 KB (817,622 bytes)

Product version:
6.00.3790.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\connectblue.exe

File PE Metadata

Compilation timestamp:
3/25/2003 12:08:18 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:drXbpjKyOaZy42kgPogn9obCRPpxZELCZlnwB97udTdLZWkFTSD4gtIVS396n6gb:dQd42kgQgOIXvr+7wHDFmMgkz6RHZn0f

Entry address:
0x9F000

Entry point:
90, BB, 57, F0, 25, 00, 68, 1C, F0, 09, 01, 5E, 90, 90, 68, 98, 05, 00, 00, 5F, 31, 1C, 3E, 90, 90, 83, EF, 04, 75, F6, 90, 90, BF, 8D, 24, 00, 57, F0, 25, 00, 57, F0, 25, 01, 6B, AD, 25, 00, 57, 34, 2C, 00, 81, 39, 2C, 00, 57, 40, 27, 00, 57, F0, 25, 00, 1B, E0, 25, 01, 0D, 67, 25, 01, 31, 67, 25, 01, 73, 78, 25, 00, 0F, 67, 25, 00, 33, 67, 25, 00, 1B, F4, 25, 00, 7B, D8, C1, 77, 07, D9, C1, 77, 57, F0, 25, 00, 57, F0, 25, 00, C3, E0, 25, 01, 57, F0, 25, 00, 5F, E1, 25, 01, C2, D4, A5, 3E, 17, F0, 25, 00...

Entropy:
7.9456  (probably packed)

Code size:
36 KB (36,864 bytes)

The file connectblue.exe has been seen being distributed by the following URL.
