home

devcon.exe

Windows Setup API

Microsoft Corporation

This is a self-extracting archive and installer. The file has been seen being downloaded from dealer.suw.stollar.pl.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Setup API

Version:
6.0.6001.18000 (longhorn_rtm.080118-1840)

MD5:
0eef488df0e3b2ed497315d6ae2111c6

SHA-1:
dc5764dd42d60a772456fb231327cbfbdd4886e3

SHA-256:
8f584354d11cc729c0e113c940fce111e881f0fa6c506770759693a5cab7d918

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:00:18 AM UTC  (today)

File size:
79 KB (80,896 bytes)

Product version:
6.0.6001.18000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SETUPAPI.DLL

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\devcon.exe

File PE Metadata
Compilation timestamp:
1/19/2008 3:59:38 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
768:8p+EGTIX/CfbpGTO0ePDMGRPqIXvqFT8eRS2r3lviih82BSOe9oKSJ2SLD0BEZWk:8ge/CfbcTODD1nXiN3Rxr3laihF4O7W

Entry address:
0x707C

Entry point:
48, 83, EC, 28, E8, 2F, 03, 00, 00, 48, 83, C4, 28, E9, 46, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 66, 90, 66, 66, 66, 90, 66, 90, 48, 3B, 0D, 59, 20, 00, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, B1, 03, 00, 00, CC, CC, CC, CC, CC, CC, CC, FF, 25, DC, A2, FF, FF, CC, CC, CC, CC, CC, CC, FF, 25, C0, A2, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 45, 8B, 18, 48, 8B, DA, 4C, 8B, C9, 41, 83, E3, F8, 41, F6, 00, 04, 4C, 8B, D1, 74, 13...
 
[+]

Code size:
30.5 KB (31,232 bytes)

The file devcon.exe has been seen being distributed by the following URL.

http://dealer.suw.stollar.pl/update/setup/.../devcon.exe

Scan devcon.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.