iDump.exe

iDump

This is a setup program which is used to install the application. The file has been seen being downloaded from www.codershole.com and multiple other hosts.
Product:
iDump

Version:
1.00.0031

MD5:
c6b89da288cb80febb19d9cbcf83f616

SHA-1:
8204bfb5e66d6ea92d0d5a2d12e8a850962bbc5d

SHA-256:
330a1db3e164d3f5588840224e2fadd981fdfd9ed2f621c38dd585e6f7c5abee

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
11/5/2024 12:39:18 PM UTC

Scan engine        Detection           Engine version
Agnitum Outpost    Packed/PECompact    7.1.1
Bkav FE            HW32.CDB            1.3.0.4924

File size:
198 KB (202,752 bytes)

Product version:
1.00.0031

Original file name:
iDump.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\idump (freeware)\idump.exe

File PE Metadata
Compilation timestamp:
1/7/2010 3:53:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:24cRd3SlIIOjw2OJM5PVCya2meyQmxyM3WcJRh:24ChIgwpJmY2mRrxicx

Entry address:
0x4B0C

Entry point:
B8, F0, 78, 4B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, AE, 41, 14, 2F, 22, 50, 38, 1C, 0E, 87, 30, 70, 3D, 90, 4C, B0, 59, CF, 67, AF, 58, 67, 70, F0, 78, FF, 11, FF, 3C, CF, 7F, F1, 9C, AE, C0, D2, CF, F3, BC, F3, E4, 26, 40, 5A, 3C, CF, F3, 3C, 74, 8E, A9, C2, D1, D8, F3, 3C, CF, F3, DE, E3, E9, EF, F6, C3, E1, 70, BC, 2F, 26, 50, 41, 70, 5B, 90, 74, 38, 1C, 0E, 87, B0, 8E, CF, A9, F0, C3, FF, D2, FF, 87, C3, E1, 70, D8...
 

Entropy:
7.8956  (probably packed)

Code size:
680 KB (696,320 bytes)

The file iDump.exe has been seen being distributed by the following 6 URLs.

http://www.codershole.com/downloads.php?id=f840fd3d9752b4d0960ad17e00859c22&dl=5

Scan iDump.exe - Powered by Reason Core Security