ds2_patch_2.2.exe

Microsoft Corporation

The program is a setup application that uses the WinZip SFX installer. The file has been observed being downloaded from www.gry-online.pl and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

MD5:
d460033a6f38f1979041097c1a68c4d3

SHA-1:
705c9427bdbc4e5a7d73b27dd132b5821fad1beb

SHA-256:
d8755fe58c6d1dc480b0c2a98e824f468fe1f4411841523e3bce6301db764b8f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/26/2024 4:30:41 AM UTC  (today)

File size:
11.9 MB (12,445,432 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\downloads\ds2_patch_2.2.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/6/2005 12:20:19 AM

Valid to:
4/6/2006 1:30:19 AM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6105875800030000005A

File PE Metadata
Compilation timestamp:
1/9/2001 3:08:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
196608:Rp0NfoViBmQxlkY2hjC38y8xNEP6Hw4RQNx7sFuB9gwo/7VfubZu/fEI/S4uwi0B:UBxP2q8y8xi2SNN/9gwMxfubZu/f8Iii

Entry address:
0x39D8

Entry point:
53, FF, 15, 50, 60, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 54, 60, 40, 00, 50, E8, 07, F8, FF, FF, 50, FF, 15, 58, 60, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 28, 84, 40, 00, 83, 0D, A0, 82, 40, 00, FF, 56, 33, F6, 39, 35, F8, 7D, 40, 00, 89, 35, D4, 83, 40, 00, 89, 35, 24, 84, 40, 00, A3, C4, 86, 40, 00, 75, 05, E8, 67, D8, FF, FF...
 

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
18.5 KB (18,944 bytes)

The file ds2_patch_2.2.exe has been discovered within the following program.

Dungeon Siege 2 Broken World  by Gas Powered Games
Dungeon Siege II: Broken World is the expansion pack for the role-playing video game Dungeon Siege II and continues the unfinished plot of the previous game. It was developed by Gas Powered Games and published by 2K Games. The game continues where Dungeon Siege II left off.
www.gaspowered.com
About 3% of users remove it
 
Powered by Should I Remove It?

The file ds2_patch_2.2.exe has been seen being distributed by the following 7 URLs.

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxUzJxMGtlekQ1aU02K05NSmVNWVZwYmthR05WZVI5Y01LNEI0aU1TUUs1RXpNRWdsZjNYa3BvV1V1MFVZZkh5ejlOYW9Xa1BRRkMxSFEvVGtqV2NsOElwQzBOM0hITzNkMmQveG9yZExIVXA=

http://software-files-a.cnet.com/s/software/10/44/23/.../DS2_Patch_2.2.exe

http://files.downloadnow.com/s/software/10/44/23/.../DS2_Patch_2.2.exe

http://188.165.0.17/file/.../DS2 Patch 2.2.exe