eduroam-w7-udg-.exe

TERENA

The executable eduroam-w7-udg-.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from csirc.ugr.es.
Publisher:
TERENA  (signed and verified)

MD5:
5fd2f5e522991ed2bff15282632fa8b3

SHA-1:
22b2b80aa8a4610c8f62d4462934f65ec7dffdcf

SHA-256:
982e8b534c35dd3b95dc6d1d8d5eb69c3c6a6e3e5859213bb98aacaf375da182

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/26/2024 3:23:36 PM UTC  (today)

Scan engine
Detection
Engine version

Panda Antivirus
Trj/OCJ.F
15.06.24.12

Reason Heuristics
Threat.Win.Reputation.IMP
16.12.4.20

File size:
736.5 KB (754,176 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Digital Signature
Signed by:

Authority:
TERENA

Valid from:
7/20/2012 2:00:00 AM

Valid to:
7/21/2015 1:59:59 AM

Subject:
CN=TERENA, OU=eduroam Operations (BETA), O=TERENA, STREET=Singel 468 D, L=Amsterdam, S=Noord Holland, PostalCode=NL-1017-AW, C=NL

Issuer:
CN=TERENA Code Signing CA, O=TERENA, C=NL

Serial number:
132B04A6B82A478B13B2DDCCB551B610

File PE Metadata
Compilation timestamp:
1/5/2010 1:09:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:B+4D/lL/ATBQc88RLjde6mwH+zn3dttorMSfubfVWgQTFjLPxf6z+XfR8mVdSSi6:B+a/pAiUFeNnNttorM5tSh30qfCmpi6

Entry address:
0x3E17

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 28, 54, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, CC, 50, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, 37, 54, 00, 00, A3, 88, 44, 7A, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, 38, 45, 7A, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, 61, 53, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, 68, 45...
 
[+]

Code size:
33 KB (33,792 bytes)

The file eduroam-w7-udg-.exe has been seen being distributed by the following URL.

Remove eduroam-w7-udg-.exe - Powered by Reason Core Security