home

hex-editor.exe

HHD Web Package Installer

HHD Software Ltd.

This is a setup and installation application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
HHD Software, Ltd.  (signed by HHD Software Ltd.)

Product:
HHD Web Package Installer

Version:
3, 0, 1, 1

MD5:
f522b25b964a31b2ecc8e355605677aa

SHA-1:
fab345ffa7aebce74685ca10f03bb7ba674363a0

SHA-256:
aa5f9e0f40e4af0a3d4d3747cf4c6dde428bf513c02906b4825bf2d04f92bbe9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 1:46:29 PM UTC  (today)

File size:
2.1 MB (2,180,688 bytes)

Product version:
3, 0, 1, 1

Copyright:
Copyright © 2001-2005 by HHD Software

Original file name:
MSIPackager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
HHD Software Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/23/2005 5:38:17 PM

Valid to:
5/23/2006 5:38:17 PM

Subject:
CN=HHD Software Ltd., OU=Secure Application Development, O=HHD Software Ltd., L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
213EA9

File PE Metadata
Compilation timestamp:
6/22/2005 12:14:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:BTb4tzAW/TBx1SaoFwkPYTZgTCJrpDnMkElN9Pldg/XPjG:atzAWbtMCakgedoTsvPjG

Entry address:
0x35D9

Entry point:
55, 8B, EC, B8, 74, 27, 00, 00, E8, 1A, 03, 00, 00, FF, 15, 38, 40, 40, 00, 80, 38, 22, 0F, 94, C1, 40, 8D, 4C, 09, 20, 8A, 10, 40, 3A, D1, 75, F9, 80, 38, 20, 89, 45, F0, 75, 09, 40, 80, 38, 20, 74, FA, 89, 45, F0, 53, 56, 57, 33, FF, 57, FF, 15, 3C, 40, 40, 00, 57, 68, C2, 33, 40, 00, 57, 6A, 66, 50, 89, 45, 08, A3, 08, 20, 41, 00, FF, 15, 84, 40, 40, 00, 8B, 35, 70, 40, 40, 00, 68, FC, 6D, 40, 00, BB, E8, 03, 00, 00, 53, 50, 89, 45, F8, FF, D6, 68, 64, 6D, 40, 00, FF, 15, 40, 40, 40, 00, 3B, C7, 75, 0A...
 
[+]

Entropy:
7.9980

Developed / compiled with:
Microsoft Visual C++

Code size:
10.5 KB (10,752 bytes)

The file hex-editor.exe has been seen being distributed by the following 6 URLs.

http://gsf-cf.softonic.com/fab/345/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14577&instance=softonic_en&type=PROGRAM&Expires=1486453363&Signature=F9j1V0NJQL~y3QRI1nhdFva3jbwWfVhcklbq-oUEokWxJEOFNqF9Pr4exX43Qa3GD0KLr0KPC5V0cBu8CWyHm2W0fgj98LdJMvKvgSePsZ15x4yKSa7vt2NvqhQoioaszBMLCF8guhT7UbP2-XQHG~Tt73Hqx5SnDVg5xBHITYk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=hex-editor.exe

http://gsf-cf.softonic.com/fab/345/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14577&instance=softonic_en&type=PROGRAM&Expires=1476159167&Signature=cBAADh6ZdQ~8By54uXoA-u2apHiHFpLlav-Q2kEf3AJ-M87Sljes1x~GtBoElX1FqDBaM4NqwKXfva4n~1sSNrcYdGjLI1HUMBb5BbDdjlGGi4zeDlXreIrf5npz-BZLuC8Ej4XALVK3MbElLAmsNZe1-sJ6~ceApgF8ECJp9VQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=hex-editor.exe

http://gsf-cf.softonic.com/fab/345/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14577&instance=softonic_en&type=PROGRAM&Expires=1477366375&Signature=NBame1wr2mm8fuF9Zktqk2~8uVGHucrp7Y79mLfSNjiAtr2ObSjIKlkSSrec1JkODHYYWgWj6wSDTD40f7L7LT-CKazBC3zF1AJr4V6cCtBDyJkV35hfFjCa8Scjz21Ax00buvNVZM0v49CQsOCQr8aOPfEnith3Z9mvYkpw86k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=hex-editor.exe

http://gsf-cf.softonic.com/fab/345/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14577&instance=softonic_en&type=PROGRAM&Expires=1477792524&Signature=cWGFaIQDKUMyP4I2gI4t-aHIGAjpiOmjVfEpYz4TOYjjND77Xf8RG3MPzzM8z6b-ZrAbkyCs5BT1H45Tmrz7ia22PAg7AzoNZZnxlxKWP0oPTy5K0plCko59HSB5qWo4kv1JuztNwPBvUky3X6HdSryFnWyNKDY8hiyFr3SYUhA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=hex-editor.exe

http://gsf-cf.softonic.com/fab/345/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14577&instance=softonic_en&type=PROGRAM&Expires=1426832001&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=KarYGbsfYZI64TGovL0YuK5YvAkkqezrnrN0wiwTn-AvXBlvMf1mKZNXYO0asmcmeVA5MJjsvjgCS0tO6qd-t7j2GGh9d~~PS0i99rY0om3CMmziwp1gqNZnyXz9nqgN~Ge3VcxPkjOK5Vs1WNW-mAKdrxuGhs1zG6t3tgNxATY_&filename=hex-editor.exe

http://gsf-cf.softonic.com/fab/345/.../file?SD_used=0&channel=WEB&fdh=no&id_file=14577&instance=softonic_en&type=PROGRAM&Expires=1446618393&Signature=FTzOdjhZaRHNDFtHMdVNLoEFnDTHwdY~aX0bIenqhVSEIFGp4cLvEZC06wZHY0V5fNYd22Pnp0P55pNxPzto4NSaSlS2HznoN~0C-89EryaFL6jXHiV3ZZaW0HByJ1mDFJkPMk5XjgUYC8E-5pVzOtcPo6PzdBQgywG6d-tZVD4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=hex-editor.exe

Scan hex-editor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.