geomdif_win32.exe

This is a setup program used to install the application. The file has been observed being downloaded from sistemas.fciencias.unam.mx.
MD5:
05dc3bc7378b4432a6e178236b1006ba

SHA-1:
abdc09fe041a7164ac87fdc1eb67d95f7df7da5c

SHA-256:
289408135eca155bb76050e539e080c2db91c0cc9f7456c36b011d4c260d80ea

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 11:26:17 PM UTC

File size:
15.5 MB (16,290,881 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\geomdif_win32.exe

File PE Metadata
Compilation timestamp:
5/25/2012 4:26:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
393216:L5abgW2iQS6gusz9PZ+WaZJUsYAr3FkvMJPXAZ4KLH/K:1NWHQ5p6Z+NZysYAr3WUJPXIVK

Entry address:
0xCFCC

Entry point:
E8, 72, 60, 00, 00, E9, 95, FE, FF, FF, 6A, 24, 68, B0, F4, 41, 00, E8, AE, 15, 00, 00, 33, C0, 88, 45, E7, C7, 45, CC, 01, 10, 00, 00, 89, 4D, D0, 8D, 4D, E7, 89, 4D, D4, 89, 45, FC, 8D, 4D, CC, 51, 6A, 06, 50, 68, 88, 13, 6D, 40, FF, 15, 8C, 90, 41, 00, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, 0F, B6, 45, E7, E8, B0, 15, 00, 00, C3, 6A, 24, 68, D0, F4, 41, 00, E8, 5E, 15, 00, 00, 33, C0, 88, 45, E7, C7, 45, CC, 02, 10, 00, 00, 89, 4D, D0, 8B, 4D, 08, 89, 4D, D4, 8B, 4D, 0C, 89, 4D...
 

Entropy:
7.9947  (probably packed)

Code size:
93 KB (95,232 bytes)

The file geomdif_win32.exe has been seen being distributed by the following URL.

Scan geomdif_win32.exe - Powered by Reason Core Security