iDumpInstaller.exe

iDump

EscSoft

This is a self-extracting archive and installer. The file has been seen downloaded from files.downloadnow.com and multiple other hosts.

Publisher:
EscSoft

Product:
iDump

Description:
This installer database contains the logic and data required to install iDump.

Version:
2.0.70.0

MD5:
54536d240aeb44479aa69d7ba1ad6ff0

SHA-1:
50448572ef719fc1f6fa3d4779591730fcae727e

SHA-256:
763df48aa1559397fc3c53a1770511f85323cdcf89386a39a0677e4ad7f08c4b

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/6/2024 12:49:59 AM UTC

Scan engine | Detection | Engine version
McAfee | Artemis!54536D240AEB | 5600.6835
Trend Micro House Call | Suspicious_GEN.F47V1227 | 7.2.64
Vba32 AntiVirus | Downloader.Agent | 3.12.26.3
Zillya! Antivirus | Trojan.Agent.Win32.491146 | 2.0.0.2059

File size:
12.1 MB (12,646,275 bytes)

Product version:
2.0.70.0

Copyright:
Copyright (C) 2014 EscSoft

Original file name:
iDumpInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\idumpinstaller.exe

File PE Metadata

Compilation timestamp:
6/17/2014 7:05:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:9R5WzM/Bcs5Tex2i12D3OtGIx/UXwNOu8oXtT:l/BcsgxX8TknxMXwNZpXJ

Entry address:
0xC831C

Entry point:
E8, 41, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5D, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C5, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 39, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A1, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0A, 4E, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
Entropy:
7.9327  (probably packed)

Code size:
1020.5 KB (1,044,992 bytes)

The file iDumpInstaller.exe has been seen being distributed by the following 3 URLs.