home

irfanview - 052_slunecnice.exe

PS Media s.r.o.

This is a setup program which is used to install the application. The file has been seen being downloaded from software.seznam.cz and multiple other hosts.
Publisher:
PS Media s.r.o.  (signed and verified)

Version:
3.1.0.0

MD5:
1f5d9621c9904d9d57eb1d21357bb6c8

SHA-1:
65e0dac1cf56f4d6044d095040b7b4c09b503827

SHA-256:
902bb0eb226aad824c2bfe87121a3818b43c3e4b0ef30384a7a1e10003c93d0a

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/26/2024 12:45:38 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6979

File size:
2.9 MB (3,075,192 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\irfanview - 052_slunecnice.exe

Digital Signature
Signed by:
PS Media s.r.o.

Authority:
COMODO CA Limited

Valid from:
8/4/2014 1:00:00 AM

Valid to:
8/4/2017 12:59:59 AM

Subject:
CN=PS Media s.r.o., O=PS Media s.r.o., POBox=73961, STREET=Oldrichovice 738, L=Trinec, S=CZ, PostalCode=73961, C=CZ

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3C313D030E40B56863A62B5026D0B007

File PE Metadata
Compilation timestamp:
7/17/2015 1:31:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:RlbqdCslJwSu1lQtw/ZJ2Y2gZtWHgmC6YU:TOduLQ6qgZtte

Entry address:
0x2920E8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, 66, 68, 00, E8, 0C, C9, D7, FF, A1, 8C, BB, 69, 00, 8B, 00, E8, 20, 47, F4, FF, A1, 8C, BB, 69, 00, 8B, 00, BA, 4C, 21, 69, 00, E8, 3F, 41, F4, FF, 8B, 0D, FC, B8, 69, 00, A1, 8C, BB, 69, 00, 8B, 00, 8B, 15, 4C, 36, 68, 00, E8, 0F, 47, F4, FF, A1, 8C, BB, 69, 00, 8B, 00, E8, 5F, 48, F4, FF, E8, F6, 78, D7, FF, 00, 00, B0, 04, 02, 00, FF, FF, FF, FF, 0B, 00, 00, 00, 53, 00, 49, 00, 6E, 00, 73, 00, 74, 00, 61, 00, 6C, 00, 61, 00, 74, 00, 6F, 00, 72, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
2.6 MB (2,690,048 bytes)

The file irfanview - 052_slunecnice.exe has been seen being distributed by the following 16 URLs.

http://software.seznam.cz/package?filename=Adobe Reader - Adobe Flash Player - 008027.exe

http://software.seznam.cz/package?filename=Total Commander - 054030_slunecnice.exe

http://software.seznam.cz/package?filename=VLC - 004.exe

http://software.seznam.cz/package?filename=OpenOffice - 036030_instaluj.exe

http://software.seznam.cz/package?filename=Adobe Reader - 008030.exe

http://software.seznam.cz/package?filename=Total Commander - 054_slunecnice.exe

http://software.seznam.cz/package?filename=Adobe Reader - Adobe Flash Player - 008027030.exe

http://software.seznam.cz/package?filename=AVG AntiVirus FREE - 056_slunecnice.exe

http://software.seznam.cz/package?filename=VLC - 004030.exe

http://software.seznam.cz/package?filename=Skype - Adobe Flash Player - 042053030_slunecnice.exe

http://software.seznam.cz/package?filename=Avg - 026.exe

http://software.seznam.cz/package?filename=VLC media player - 050_slunecnice.exe

http://software.seznam.cz/package?filename=Skype - 005.exe

http://software.seznam.cz/package?filename=AVG AntiVirus FREE - 056030_slunecnice.exe

http://software.seznam.cz/package?filename=Skype - 005030.exe

http://software.seznam.cz/package?filename=Mozilla Firefox - 003030.exe

Scan irfanview - 052_slunecnice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.