flashplayer.exe

Track

PWI, Inc.

Publisher:
CSoft Technologies Inc.  (signed by PWI, Inc.)

Product:
Track

Version:
6.04

MD5:
3259bddb1e0746423902df02aced8584

SHA-1:
ddcaa1f715ccc1fa95a4833848cd9906afcd1545

SHA-256:
e11cde6d31ba0857c8452bda0d749823e44420e9b9c613156a8daa510f677d4f

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 11:25:04 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Injector.CPRO trojan | 7.0.302.0
Kaspersky | Trojan.Win32.Kovter | 15.0.0.562

File size:
370.3 KB (379,197 bytes)

Product version:
6.04

Original file name:
Track.exe

File type:
Executable application (Win32 EXE)

Language:
Japanese (Japan)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\flashplayer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/7/2013 12:00:00 AM

Valid to:
7/6/2014 11:59:59 PM

Subject:
CN="PWI, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="PWI, Inc.", L=New Albany, S=Ohio, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50162F95815C2D310127D687A5CD7B15

File PE Metadata
Compilation timestamp:
1/7/2016 1:29:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:tZRXXXXXXXXXXXXXXXXXXXXzL7lAA8y2Z448XItjSxnnyn2R7/hi9CigkVG7HLaN:trXXXXXXXXXXXXXXXXXXXX5LSkYtjSZ0

Entry address:
0x126C

Entry point:
68, 90, D7, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 43, DB, 05, E4, DE, 98, AC, 48, 91, 01, 6C, 5E, C2, 64, BA, E9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 0A, 43, 61, 70, 74, 69, 46, 75, DF, 70, 72, 6F, 62, 6C, 65, 6D, 61, 74, 69, 6B, 65, 6E, 00, 20, 20, 20, 22, 4D, 69, 73, 00, 00, 00, 00, FF, CC, 31, 00, 13, B7, D7, EE, C9, 28, B9, 0C, 4F, 8B, E2, 3A, 59, 8E, 2A, 9A, CD, 86, ED, B1, 6C, 5F, 10, 23, 42, A0, 39, 4D, D2, F7, E4, 7C, AB, 3A, 4F, AD...

Entropy:
7.1397

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
332 KB (339,968 bytes)
