» installation.exe
Overview
Analysis
File Details
Downloads (4)

installation.exe

Personnalisez votre PC

Microsoft Corporation

File name:

installation.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Personnalisez votre PC

Version:

1, 0, 0, 1

MD5:

ed777757964046792a35582e220cb9d4

SHA-1:

6c034202ee9424cef91db9d73c847d060e7ce893

SHA-256:

1ea55be3294eb4611e8f1d7d1f05d4acf1be0bbd8d631027bb51f1e909f80601

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/27/2024 6:27:16 AM UTC (today)

File size:

2.4 MB (2,534,088 bytes)

Product version:

1, 0, 0, 1

Original file name:

PersonnalisezVotrePC.exe

File type:

Executable application (Win32 EXE)

Language:

French (France)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\installation.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

1/24/2013 10:33:39 PM

Valid to:

4/24/2014 11:33:39 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata

Compilation timestamp:

11/8/2013 5:42:29 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:7k/waYlHM7jkAUcTCig9L/WXWp1OMWJ3u+AlVv6azKQGV7fGQ:M4HM7PFgYmp1OZY+A/tKQGV73

Entry address:

0x97FB6

Entry point:

E8, 32, 9B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 48, 18, 4B, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B4, 12, 4B, 00, C9, C2, 08, 00, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00... 
[+]

Entropy:

7.3392

Code size:

700.5 KB (717,312 bytes)

The file installation.exe has been seen being distributed by the following 4 URLs.

http://personnalisez-votre-pc.fr.msn.com/resources/.../fond-d-ecran-palmier-plongeant.exe

http://personnalisez-votre-pc.fr.msn.com/resources/.../ecran-de-veille-ciel-etoile.exe

http://personnalisez-votre-pc.fr.msn.com/resources/.../fond-d-ecran-nouvel-an-tokyo.exe

http://personnalisez-votre-pc.fr.msn.com/resources/.../ecran-de-veille-feu-de-cheminee.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.