end32.exe

Star Wars - The Old Republic

InfoTec LLC

It is set to start automatically when a user logs in to Windows, through the current user Run registry key, under the display name ‘Start32’.
Publisher:
BioWare Productions  (signed by InfoTec LLC)

Product:
Star Wars - The Old Republic

Version:
4.19.11.0

MD5:
033669a29d43f8171e67cead18080db7

SHA-1:
f8a149b628594ca341a84f77f35a9e365dee234b

SHA-256:
ed97f23e202f35d1a0c4029e79c3bfc6feb22b288d31107d435bed73c72ec734

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 6:49:55 PM UTC

Scan engine:
ESET NOD32

Detection:
MSIL/Injector.NOK trojan

Engine version:
7.0.302.0

File size:
298.2 KB (305,344 bytes)

Product version:
4.19.11.0

Copyright:
Copyright (c)2011-2015 EA Sports & Bioware Productions.

Trademarks:
Copyright (c)2011-2015 EA Sports & Bioware Productions. All rights reserved.

Original file name:
MASS VPN.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\end32.exe

Digital Signature
Signed by:

Authority:
InfoTec LLC

Valid from:
2/7/2016 3:57:21 AM

Valid to:
2/7/2026 3:57:21 AM

Subject:
E=mail@infotec.com, CN=InfoTec, OU=InfoTec Certification, O=InfoTec LLC, L=Boston, S=Massachusetts, C=US

Issuer:
E=mail@infotec.com, CN=InfoTec, OU=InfoTec Certification, O=InfoTec LLC, L=Boston, S=Massachusetts, C=US

Serial number:
009CCF06675C6BDF8D

File PE Metadata
Compilation timestamp:
2/9/2016 2:39:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:nVuyxEtvjKNPog1R8oMiwCx8YXFTeutCwixyFb:nVuBjUPo+zMxYbQe

Entry address:
0x14DCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, 80, 00, 00, 80, 10, 00, 00, 00, 98, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 09, 00, 02, 00, 00, 00, B0, 00, 00, 80, 03, 00, 00, 00, C8, 00, 00, 80, 04, 00, 00, 00, E0, 00...
 

Entropy:
6.4478

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
75.5 KB (77,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Start32

Command:
C:\users\{user}\appdata\local\temp\end32.exe


Scan end32.exe - Powered by Reason Core Security