home

ip4_0engallmsi.exe

Microsoft IntelliPoint

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dosbox95.darktraveler.com.
Publisher:
Microsoft Corporation

Product:
Microsoft IntelliPoint

Version:
4.0

MD5:
6e76565fed8503e5317b0c8ac93a7af0

SHA-1:
b6d4163d38bbc138e43e6e020fe585163b3528c2

SHA-256:
42d80af66ee4f934961b71cebda1776d46a29765f7b965850e5962e6fec24171

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 10:31:39 AM UTC  (today)

File size:
7.1 MB (7,404,800 bytes)

Product version:
4.0

Copyright:
Copyright (C) Microsoft Corp. 1983-2001

Original file name:
stub32i.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ip4_0engallmsi.exe

File PE Metadata
Compilation timestamp:
3/28/2000 1:09:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:QOeaFu8nlbyyaHFVUBH2CY4DjCWSaPSE/QotZ7Qe8EpGYODG/MQzw8y:tblbyyalVUq4jVDL4otZ7QGGYiG/HM8y

Entry address:
0x83F7

Entry point:
0B, C8, 08, FF, 14, 47, FF, CD, 0F, BF, F5, C6, C4, 49, F2, 8A, F8, BA, 43, 81, 53, B5, F3, 8B, DD, 53, 68, 86, D9, F3, 00, 74, 02, 04, 6F, E8, 65, 00, 00, 00, 0F, AF, FA, BD, EB, EE, 35, 8E, 12, F5, 69, C6, 95, 7C, D3, FE, 4F, F7, C6, 1D, AE, B0, 06, 03, F1, 87, D2, C6, C0, 62, 6A, 00, 5D, 8D, 3D, 92, 09, 6A, 5C, C7, C3, E6, 62, F2, 2C, F6, C6, A7, 8A, CE, 0F, AF, C6, 89, FA, 87, CE, 81, C5, EE, F6, FF, FF, B6, 84, 1B, D1, 81, C5, 13, 09, 00, 00, F7, C7, AB, CF, 5E, EB, 8B, CB, 71, 06, 69, C8, A2, D8, 40...
 
[+]

Code size:
68 KB (69,632 bytes)

The file ip4_0engallmsi.exe has been seen being distributed by the following URL.

http://dosbox95.darktraveler.com/.../IP4_0EngALLMsi.exe

Scan ip4_0engallmsi.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.