epp370.exe

ES-Computing

This is a setup program used to install the application. The file has been seen downloaded from www.editplus.com and multiple other hosts.
Publisher:
ES-Computing  (signed and verified)

MD5:
dc21fc913d64fb19f10ca745d6c39701

SHA-1:
884c60c8498a9b55e2794af457c1aa2915785226

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 11:31:43 AM UTC

File size:
2 MB (2,057,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\epp370.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
11/21/2013 1:00:00 AM

Valid to:
1/21/2015 12:59:59 AM

Subject:
CN=ES-Computing, O=ES-Computing, L=Jinju-si, S=Gyeongsangnam-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
57BCE7C1FB736104B8E3BDCDCDB4E0F2

File PE Metadata
Compilation timestamp:
2/17/2012 3:55:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:pJTCGOjs19Xkwy6lotZwXG+r5gGne845crnjZR09:p9CPjs190S4ZyGlcdVr8

Entry address:
0xB583

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, F2, 2D, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, EE, 9F, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 17, A5, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 32, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 32, 41, 00, 8D, 45, E4...
 

Entropy:
7.9799  (probably packed)

Code size:
71.5 KB (73,216 bytes)

The file epp370.exe has been seen distributed by the following 12 URLs.

http://www.editplus.com/ftp.php?n=epp370.exe

https://www.regnow.com/softsell/visitor.cgi?affiliate=45065&action=site&vendor=2816&ref=http://www.editplus.com/.../epp370.exe

http://www.megadlcenter.com/JzqIZ EL1V3mAp3OPioXE4XGIOjVzmBEGGChbfzPWqVWoL2dEdcRFGNVVL 86t1shI7lmphCpurB7P_DPF4cIEV2m6pyjYmXFkd1UdL9DsDVqysUwbjpZH1NQZBDE8hgO0y0_tv IoVcjwrdcKLhpAZfiq69dp4JEReBSKVN7TsDGmiFg8iaDgdCyRxOIPWFNlfWSXSS-GzcAAAQ t_Gx7QYLxuILguH8gaCMA4c10AHC67Axdq7gsJdr3DIKG 4tR_RxPd9RRJst7GoZfAA=

http://www.megadlcenter.com/B9kMcgYpmwJ4Bl0dz9RnJ7kKP41MJF5gWtHhy_xZ24NdfmWiRAjOLr5MdI2wOa5eIKns 741ViFkXJCd41SmBJ4dAL85XXyDR3ynYAh7361G3VL3zaEKBp6Y_mnKxTLMz3icPHjQydfJbhJs59Uj1SFky4PMXQfGhJCjRTpZYp3x2fjpbI1bJeIj9G7pN5b2zXeIvL51-GzcAAAQ t_Gx7QYLxuILguH8gaCMA4c10AHC67Axdq7gsJdr3DIKG 4tR_RxPd9RRJst7GoZfAA=

&onid=2352&oid=3001-2352_4-10018241&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=developers/editors&topicbrcrm=&pid=13661289&mfgid=58273&merid=58273&ctype=dm&cval=NONE&devicetype=desktop&pguid=c8f4a5a6ddcfcfc0bb0587b1&viewguid=US4QKFDwb7Q42Q8loX6Wy856kgcp4j-I9vTg&destUrl=http://software-files-a.cnet.com/s/software/13/66/12/.../epp370.exe

Scan epp370.exe - Powered by Reason Core Security