home

dfdownloader_hierlu_.exe

KALMET INVESTMENTS LIMITED

Publisher:
KALMET INVESTMENTS LIMITED  (signed and verified)

MD5:
5bced368c7519071e84b14b44421a431

SHA-1:
a9dcce03854247d6463181f0f0d2bd4b986da9ae

SHA-256:
152ce40701be15d90b20b1f168eb9dfb00772c705d07e5ecd5b61ea11de9a1a1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/27/2024 9:48:01 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Win32/Heur
2015.0.4355

File size:
209.9 KB (214,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\utorrent\dfdownloader_hierlu_.exe

Digital Signature
Signed by:
KALMET INVESTMENTS LIMITED

Authority:
COMODO CA Limited

Valid from:
11/13/2012 3:00:00 AM

Valid to:
11/14/2013 2:59:59 AM

Subject:
CN=KALMET INVESTMENTS LIMITED, O=KALMET INVESTMENTS LIMITED, STREET=1312 Victoria, L=Mahe, S=Mahe, PostalCode=Mahe, C=SC

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
36FF3A5166481AA8D569069E51021C64

File PE Metadata
Compilation timestamp:
9/7/2013 6:43:15 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:pFeXLG725Z3pFl28UblU2dJDLQJ2uCnlNZRQPP:pFeXiKH873Qkl7SP

Entry address:
0x169E1

Entry point:
4B, 04, 03, 4E, 24, 89, 7D, 0C, DB, 45, 0C, 89, 4D, 0C, DD, 05, F0, 0E, 02, 11, DC, C9, D9, C9, D9, 5D, E0, 8B, 4D, E0, 89, 4D, D8, DA, 4D, 0C, D9, 5D, E4, 8B, 55, E4, 89, 55, DC, 8B, 45, 10, 8B, 3E, 50, 8D, 4D, D8, 51, 8D, 55, C8, 52, E8, 4F, 4F, 99, FF, 8B, 97, 60, 02, 00, 00, 83, C4, 08, 50, 8B, 45, 08, 50, 8B, CE, FF, D2, 8B, 7D, F4, 8B, 76, 14, 85, F6, 0F, 85, 36, FF, FF, FF, 8B, CF, E8, 68, B1, 03, 00, 85, C0, 0F, 84, 0E, 01, 00, 00, 8B, 40, 18, C1, E8, 0A, A8, 01, 0F, 84, 00, 01, 00, 00, 8B, 4F, 20...
 
[+]

Code size:
136 KB (139,264 bytes)

Scan dfdownloader_hierlu_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.