home

greengardenersav.exe

ScrInstall Application

This is a self-extracting archive and installer. The file has been seen being downloaded from ddl.ezthemes.com.
Product:
ScrInstall Application

Description:
ScrInstall MFC Application

Version:
1, 0, 0, 1

MD5:
22da5781939672b3de33db7cf5f3c516

SHA-1:
de0f6e073c967d89a151bfc9e5f439d90d403701

SHA-256:
46fce94508ad60f016217178eb4f7b686d9a17e7422ffc98ce68503cce35f0fd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 5:16:52 PM UTC  (today)

File size:
1.1 MB (1,121,797 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 1999

Original file name:
ScrInstall.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\greengardenersav\greengardenersav.exe

File PE Metadata
Compilation timestamp:
2/13/2001 4:02:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:FA0NLFbrC54wGtH5EpmrzzOA35XyXROPlfbQzSKK:6CZ3wGDl/zOAJXyXRc2Sf

Entry address:
0x44001

Entry point:
60, E8, 02, 00, 00, 00, EB, 09, 5D, 55, 81, ED, 39, 39, 44, 00, C3, E9, 59, 04, 00, 00, D1, 26, 3D, 39, 39, D2, 39, 82, 09, 00, 7D, 39, 3A, E4, 12, A4, C5, 06, 7D, 39, BA, 84, 11, 73, 7D, 39, 39, B0, A4, 11, 73, 7D, 39, 36, BC, 5B, 3A, 39, 39, FE, BC, 7A, 00, 7D, 39, 39, 39, 39, 39, B4, BC, 09, 73, 7D, 39, 69, C6, AC, 15, 72, 7D, 39, B0, BC, 15, 73, 7D, 39, B2, C1, B4, A4, 04, 73, 7D, 39, 6A, 69, C6, AC, 11, 72, 7D, 39, B0, BC, 11, 79, 7D, 39, B4, A4, 73, 73, 7D, 39, 6A, 6E, C6, AC, 11, 72, 7D, 39, B0, BC...
 
[+]

Entropy:
7.9917

Packer / compiler:
ASPack v2.11c

Code size:
140 KB (143,360 bytes)

The file greengardenersav.exe has been seen being distributed by the following URL.

http://ddl.ezthemes.com/files/.../g/greengardenersav.exe

Scan greengardenersav.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.