home

cp465us_free.exe

GkWare Self extractor

Gero Kuehn

This is a setup program which is used to install the application. The file has been seen being downloaded from download.heise.de and multiple other hosts.
Publisher:
Gero Kuehn

Product:
GkWare Self extractor

Version:
2.10.0

MD5:
f30fe9aaf7a3c40b248547182ee56965

SHA-1:
17fd2692e2650de99f6aeee37fe9b341aa1312c8

SHA-256:
0e438cd214b80739472f7071b29091143e8ff75c65609a290718a4b877f9e8b2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 9:13:01 PM UTC  (today)

File size:
10.8 MB (11,312,552 bytes)

Product version:
2.10.0

Copyright:
Copyright © Gero Kuehn 1997 - 2001

Original file name:
WINSFX.EXE

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\cp465us_free.exe

File PE Metadata
Compilation timestamp:
1/13/2002 7:11:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:Am/grADAtuH9yegQqJzPrv0ZSd6MBjdL9WIP/+dszlV9D0sxLMMIWkO9wS8/XP:Am/bDkI9ng9T0gd6MBxJusxVB0iM/Wkv

Entry address:
0x1EA5

Entry point:
56, 33, F6, 56, FF, 15, 7C, 40, 40, 00, A3, 40, 68, 40, 00, E8, 13, FD, FF, FF, 85, C0, 74, 4A, A1, 44, 68, 40, 00, 8B, 40, 0C, 48, 74, 11, 48, 75, 2B, 56, 68, E7, 12, 40, 00, 56, 68, E0, 55, 40, 00, EB, 0C, 56, 68, E7, 12, 40, 00, 56, 68, D0, 55, 40, 00, FF, 35, 40, 68, 40, 00, FF, 15, C8, 40, 40, 00, 83, F8, 01, 74, 11, E8, BF, F8, FF, FF, FF, 35, 38, 68, 40, 00, FF, 15, 40, 40, 40, 00, 56, FF, 15, 78, 40, 40, 00, 5E, 81, 7C, 24, 08, 10, 01, 00, 00, 75, 0A, FF, 74, 24, 04, E8, 89, F1, FF, FF, 59, 33, C0...
 
[+]

Code size:
12 KB (12,288 bytes)

The file cp465us_free.exe has been seen being distributed by the following 2 URLs.

https://download.heise.de/software/23081f608131afc3e0f4cd427a4d70fd/571a0fbf/.../cp465us_free.exe

http://www.clonkx.de/.../cp465us_free.exe

Scan cp465us_free.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.