» CwUpdate.exe
Overview
Analysis
File Details

CwUpdate.exe

CwUpdate

eClinicalWorks LLC

File name:

CwUpdate.exe

Publisher:

eclinicalworks (signed by eClinicalWorks LLC)

Product:

CwUpdate

Version:

4.00.0008

MD5:

0c8ef1e29aafcd2890edb2ef52f5fb8b

SHA-1:

9403c3d1465e5352b4d0e56062916323085cc6f8

SHA-256:

35cfae80d2887caa7bdb92a5af201a845e3fef8e25e4a5c25e563897a106e0d7

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/22/2024 11:47:32 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.5.5

IKARUS anti.virus

Trojan-Dropper

t3scan.1.1.97.0

File size:

157.8 KB (161,624 bytes)

Product version:

4.00.0008

Original file name:

CwUpdate.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\eclinicalworks\cwupdate.exe

Digital Signature

Signed by:

eClinicalWorks LLC

Authority:

VeriSign, Inc.

Valid from:

1/26/2011 6:00:00 PM

Valid to:

1/27/2012 5:59:59 PM

Subject:

CN=eClinicalWorks LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=eClinicalWorks LLC, L=Westborough, S=Massachusetts, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

73484DE74054DEE8BF33CADB9177F622

File PE Metadata

Compilation timestamp:

1/20/2011 5:46:03 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:t/RBjx4BW3eP26HQOLdEfCiqSBR8RD0DroaeRZMK07UMl4MFGhxC:t/ZtZOLdEfrqSBRYD0DroaeRZMK07UMA

Entry address:

0x25E4

Entry point:

68, 88, 2A, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 5D, A0, C2, 46, 33, 0E, 85, 4B, B5, 1C, B7, 5C, 54, 0F, CA, 34, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 20, 20, 3D, 20, 20, 43, 77, 55, 70, 64, 61, 74, 65, 00, 20, 20, 20, 20, 54, 61, 62, 00, 00, 00, 00, FF, CC, 31, 00, 08, 93, 74, D2, 64, 59, 95, 7F, 41, 8F, 61, 2F, 33, 0A, 4C, C9, CF, B5, 70, 1D, F9, 6A, 24, BC, 4C, 82, 42, 09, 2C, AF, AB, E8, AE, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

5.6936

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

140 KB (143,360 bytes)

Scan CwUpdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.