desinstaladorconsole.exe

Positivo Informática SA

This is a setup program which is used to install the application. The file has been seen being downloaded from cache.deskmedia.mundopositivo.com.br.
Publisher:
Positivo Informática SA  (signed and verified)

MD5:
9d150ab9e88bee189064d2f360f9761d

SHA-1:
103012be18c8f598d94642e11f179a27bce6e3db

SHA-256:
2913c9862b88437522f3d1c6231575412f3a096a12f37102f7da7e645e78cf02

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 6:23:50 PM UTC  (today)

File size:
128.8 KB (131,896 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\deskmedia\updates\backup\deskmedia_app_x64\temp\desinstaladorconsole.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/10/2013 10:00:00 PM

Valid to:
2/9/2015 9:59:59 PM

Subject:
CN=Positivo Informática SA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Positivo Informática SA, L=Curitiba, S=Paraná, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
39511A89481465ACF4E1A75AF7882E2A

File PE Metadata
Compilation timestamp:
2/20/2014 11:05:59 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:YrtRbKS76KBrfXZ3sT3bdTuDUit6ScT93XKB1aMFjK3RM5mRrO1x2uX:YrtX60XZ3u3ZSRt6hRXteW3TrO1xP

Entry address:
0x12A48

Entry point:
48, 83, EC, 28, E8, F3, 03, 00, 00, 48, 83, C4, 28, E9, 9E, FD, FF, FF, FF, 25, E0, 39, 00, 00, FF, 25, E2, 39, 00, 00, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, C8, D1, 00, 00, FF, 15, 62, 36, 00, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 0B, 48, 8B, CB, FF, 15, E6, 39, 00, 00, EB, 7E, B9, 08, 00, 00, 00, E8, 66, 04, 00, 00, 90, 48, 8B, 0D, 9A, D1, 00, 00, FF, 15, 34, 36, 00, 00, 48, 89, 44, 24, 38, 48, 8B, 0D, 80, D1, 00, 00, FF, 15, 22, 36, 00, 00, 48, 89, 44, 24, 40, 48, 8B, CB, FF, 15...
 
[+]

Code size:
81 KB (82,944 bytes)

The file desinstaladorconsole.exe has been seen being distributed by the following URL.

http://cache.deskmedia.mundopositivo.com.br/banners_rm/banners/deskmedia_2014/instaladorLite/p2/redist_x64/.../DesinstaladorConsole.exe

Scan desinstaladorconsole.exe - Powered by Reason Core Security