desinstaladorconsole.exe

Positivo Informática SA

This is a setup program which is used to install the application. The file has been seen being downloaded from cache.deskmedia.mundopositivo.com.br.
Publisher:
Positivo Informática SA  (signed and verified)

MD5:
9d150ab9e88bee189064d2f360f9761d

SHA-1:
103012be18c8f598d94642e11f179a27bce6e3db

SHA-256:
2913c9862b88437522f3d1c6231575412f3a096a12f37102f7da7e645e78cf02

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:00:16 PM UTC

File size:
128.8 KB (131,896 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\deskmedia\updates\backup\deskmedia_app_x64\temp\desinstaladorconsole.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/10/2013 10:00:00 PM

Valid to:
2/9/2015 9:59:59 PM

Subject:
CN=Positivo Informática SA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Positivo Informática SA, L=Curitiba, S=Paraná, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
39511A89481465ACF4E1A75AF7882E2A

File PE Metadata
Compilation timestamp:
2/20/2014 11:05:59 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:YrtRbKS76KBrfXZ3sT3bdTuDUit6ScT93XKB1aMFjK3RM5mRrO1x2uX:YrtX60XZ3u3ZSRt6hRXteW3TrO1xP

Entry address:
0x12A48

Entry point:
48, 83, EC, 28, E8, F3, 03, 00, 00, 48, 83, C4, 28, E9, 9E, FD, FF, FF, FF, 25, E0, 39, 00, 00, FF, 25, E2, 39, 00, 00, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, C8, D1, 00, 00, FF, 15, 62, 36, 00, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 0B, 48, 8B, CB, FF, 15, E6, 39, 00, 00, EB, 7E, B9, 08, 00, 00, 00, E8, 66, 04, 00, 00, 90, 48, 8B, 0D, 9A, D1, 00, 00, FF, 15, 34, 36, 00, 00, 48, 89, 44, 24, 38, 48, 8B, 0D, 80, D1, 00, 00, FF, 15, 22, 36, 00, 00, 48, 89, 44, 24, 40, 48, 8B, CB, FF, 15...

Code size:
81 KB (82,944 bytes)

The file desinstaladorconsole.exe has been seen being distributed by the following URL.

http://cache.deskmedia.mundopositivo.com.br/banners_rm/banners/deskmedia_2014/instaladorLite/p2/redist_x64/.../DesinstaladorConsole.exe
