home

IRW.exe

Investigator Report v16

MDansby.com LLC

This is a self-extracting archive and installer. The file has been seen being downloaded from www.winsite.com.
Publisher:
MDansby.com LLC  (signed and verified)

Product:
Investigator Report v16

Description:
This installer contains the logic and data required to install Investigator Report v16.

Version:
1.0.0

MD5:
9846c84e76eb1ac5a94742ff7d556cb4

SHA-1:
5203f2c1574f7ae8026f0134b77928b3ee9cdef8

SHA-256:
3324bb09ab1937672c8de68ca3c831843141eeaae75952573d49260f18072ca7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:29:49 PM UTC  (today)

File size:
84.4 MB (88,510,016 bytes)

Product version:
1.0.0

Copyright:
Copyright (C) MDansby.com LLC

Original file name:
IRW.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\irw.exe

Digital Signature
Signed by:
MDansby.com LLC

Authority:
COMODO CA Limited

Valid from:
4/27/2015 1:00:00 AM

Valid to:
4/27/2020 12:59:59 AM

Subject:
CN=MDansby.com LLC, OU=Sales Department, O=MDansby.com LLC, STREET=244 Fifth Avenue, STREET="#L281", L=New York, S=NY, PostalCode=10001, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
79477347F3881A954D5466F95DE15CA1

File PE Metadata
Compilation timestamp:
11/29/2011 12:21:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:luob2cMq5frUErYk2V3Sx3iqLh3yBY0aUiN8//igQYnU1ZDp2SjLogNAV4UyK+VG:luob2cMq5zP92VeP30adg1ngD2SnoL6A

Entry address:
0x9E5F9

Entry point:
E8, 32, B9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 1A, 38, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, E5, D3, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, F6, 37, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C1, D3, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, C7, 37, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 
[+]

Entropy:
7.9922  (probably packed)

Code size:
817 KB (836,608 bytes)

The file IRW.exe has been seen being distributed by the following URL.

http://www.winsite.com/Business/Database-Management/Investigator-Report-Detective-Case-Management-Software/.../54459

Scan IRW.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.