fixShell.exe

Prevx 3.0

Prevx

This is a setup program which is used to install the application. The file has been seen being downloaded from download939.mediafire.com and multiple other hosts.
Publisher:
Prevx  (signed and verified)

Product:
Prevx 3.0

Description:
Prevx Shell Correction Utility

Version:
3.0.5.28 built by: WinDDK

MD5:
bb09b7669d31e5b81cba44ce3544ae3d

SHA-1:
6362e2da27b209144286b528282eb6e4c7fb8c2d

SHA-256:
bee957b5118ea930e839a3ef2f5d786970edf02b05789b97fccad97b3cc258e8

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/30/2024 11:31:15 AM UTC

Scan engine:
Norman

Detection:
Malware

Engine version:
11.20140325

File size:
48.3 KB (49,504 bytes)

Product version:
3.0.5.28

Copyright:
(c) Prevx Ltd. 2009

Original file name:
fixShell.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fixshell.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/16/2007 9:00:00 PM

Valid to:
12/13/2010 9:59:59 PM

Subject:
CN=Prevx, OU=Prevx, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Prevx, L=MIlton Keynes, S=Buckinghamshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
380FD95B7ED014F18E7D948492F0A61B

File PE Metadata
Compilation timestamp:
11/27/2009 2:07:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:g3K418UqL+aWKKiZfU67w1mS5fkWl1ksrs5dezLqbEmr:NiLm+9KJcOSJkcls5dezG7r

Entry address:
0x2806

Entry point:
E8, F6, 17, 00, 00, E9, 19, FE, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 3A, 18, 00, 00, 33, C0, 5D, C2, 04, 00, CC, CC, CC, CC, CC, 68, 15, 28, 00, 01, FF, 15, 20, 10, 00, 01, 33, C0, C3, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 33, C0, EB, 0F, 85, C0, 75, 10, 8B, 0E, 85, C9, 74, 02...
 

Code size:
32 KB (32,768 bytes)

The file fixShell.exe has been seen being distributed by the following 9 URLs.
