eduroam_w7_universidad_de_la_rioja.exe

TERENA

The executable eduroam_w7_universidad_de_la_rioja.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Nullsoft Install System installer.
Publisher:
TERENA  (signed and verified)

MD5:
debe2b73f8f02028afdc002471a8506c

SHA-1:
47c579d0cc77b84da81c83553dd56439e9bf42b6

SHA-256:
f629e9d968f7990ba8dd60e1fd7f41561370392cc4cac950b9319e6a02b566f8

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 6:06:36 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.11.2.13

File size:
735.3 KB (752,912 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Digital Signature
Signed by:

Authority:
TERENA

Valid from:
7/20/2012 2:00:00 AM

Valid to:
7/21/2015 1:59:59 AM

Subject:
CN=TERENA, OU=eduroam Operations (BETA), O=TERENA, STREET=Singel 468 D, L=Amsterdam, S=Noord Holland, PostalCode=NL-1017-AW, C=NL

Issuer:
CN=TERENA Code Signing CA, O=TERENA, C=NL

Serial number:
132B04A6B82A478B13B2DDCCB551B610

File PE Metadata
Compilation timestamp:
1/5/2010 1:09:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:Oe0DykL/nTBQc88RLjde6mwH+zn3dttorMSfubfVWgQTFjLPxf6z+XfR8mVdSSiJ:Oee3niUFeNnNttorM5tSh30qfCmpiJ

Entry address:
0x3E17

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 28, 54, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, CC, 50, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, 37, 54, 00, 00, A3, 88, 44, 7A, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, 38, 45, 7A, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, 61, 53, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, 68, 45...
 
[+]

Code size:
33 KB (33,792 bytes)

Remove eduroam_w7_universidad_de_la_rioja.exe - Powered by Reason Core Security