f00001555888888471-by-maria.exe

Vector Magic, Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with Vector Magic. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.
Publisher:
Vector Magic, Inc.  (signed and verified)

MD5:
6e9d13a4a5ead264ef5422e3d144d21f

SHA-1:
557f0271d6c61e86776388ff2fc028f38a3cff35

SHA-256:
76991a888c32cb33345f880e941321239a6880c3c9a3e028ce312c3d619fec4b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/29/2024 10:58:09 PM UTC  (today)

File size:
10 MB (10,487,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\f00001555888888471-by-maria.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
8/13/2008 7:00:00 PM

Valid to:
8/14/2009 6:59:59 PM

Subject:
CN="Vector Magic, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="Vector Magic, Inc.", L=Menlo Park, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
388A9C9F733B1DD08B7E234C169BFB3D

File PE Metadata
Compilation timestamp:
5/3/2008 9:08:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:U6L3+gydNmFymkwJBGlyV4e54ZMOYr+kv1YCVTy+LVh88RfU:OpdQFAiX6e54ZM5r+kKCVTy+L78mfU

Entry address:
0x30E3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 58, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, E1, 2A, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 90, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 4C, 91, 40, 00, 68, 60, E3, 42, 00, E8, 98, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 86, 27, 00, 00...
 
[+]

Entropy:
7.9986

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file f00001555888888471-by-maria.exe has been discovered within the following program.

Vector Magic  by Vector Magic, Inc.
vectormagic.com
About 5% of users remove it
 
Powered by Should I Remove It?

The file f00001555888888471-by-maria.exe has been seen being distributed by the following 5 URLs.

http://www.ranchsendgift.com/ePrwejz5YWSjfs_v2gicU7n_ODZSHw oac5biCjMu5jwXjF0uyjZ7DJgcE8Bf619yX_YuOBIRnlxsBK2oexQaKrCMOr6AwUVJwcqPmHrz8ijIn6cGAlQbKVIB_SKaOkheSXSBJFApnf5SOflPiPxUI72KilHYTNGwxOb8QC5Q3RqKEEOmFI9f_uhxnBv7k0XQnnbveUP5ppPL2UfKNHKI vXmi_LFQ==-G0gAAMTcRrFNhpZqEqxD5kVxOD_HOB9Ub6BtHsi2YWPsHHEV9NIarzs66EL3XC3y01DySDmmPYcOVUL BfuYmAoLJ8IH

http://www.ranchsendgift.com/NjIDafvkdnKcIRRFb1VmPiGGgNB_0gL9tCHSlmae9Z5kx2EfqbLdNgwoA_bNxpc40XArcEV30oG74z5aHWWocIx_hdiYjoXxhr_6B0kGrK29SkfU0AGADk_GjpkfcyXYGIyDWMQM77jwgBrM73fmKKpDah7uw2kha7MrM7C6mIVUMb3zJgPOcmWZiXF1ADyBRt3vt 1y0TQUVfky9aQOj62_6DiQQA==-G0gAAMTcRrFNhpZqEqxD5kVxOD_HOB9Ub6BtHsi2YWPsHHEV9NIarzs66EL3XC3y01DySDmmPYcOVUL BfuYmAoLJ8IH

Scan f00001555888888471-by-maria.exe - Powered by Reason Core Security