lan_realtek_v7.17.304.2010_win7-64_dar_10sm-d1.exe

The executable lan_realtek_v7.17.304.2010_win7-64_dar_10sm-d1.exe has been detected as malware by 3 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from solutions.us.fujitsu.com.
MD5:
786277eba153a88c81c30eb45825ed97

SHA-1:
ff643cd7ba8797ce7bb0e076840fd8ed2cd0752a

SHA-256:
9a68360b7a7ae2054e617bbca5f8a0b96c5d2dbcdeb579eb3ad59c70a316a7a7

Scanner detections:
3 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 5:44:59 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

File size:
530 KB (542,722 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\lan_realtek_v7.17.304.2010_win7-64_dar_10sm-d1.exe

File PE Metadata
Compilation timestamp:
9/16/2008 7:17:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
12288:05OCqsUeacW2GPx/EFPAe+Un5pAj7utHh+9:0ICDpyEB/3nTAnutI9

Entry address:
0x1000

Entry point:
F7, C3, FA, 93, 43, 9C, F6, C5, 1B, BD, 64, 6F, AF, E1, 80, EA, 0E, 0F, BE, EA, 1A, F2, 0F, AF, EA, BB, A1, 1A, CD, 63, 05, D8, B8, 00, 00, F6, C1, 0D, 49, 02, DE, 2D, 3C, 09, 00, 00, 80, D3, 99, 88, FF, 53, 84, E4, 49, 0F, BF, C3, B2, 9B, 8D, 35, E8, 63, 70, 3F, 01, D3, 8D, 1D, 44, C3, E8, 8B, B4, C2, E8, 00, 00, 00, 00, 5A, 80, F1, C9, 31, EE, B5, 92, F6, C2, A0, 88, EC, 2B, E8, FF, C0, 2C, 22, 88, D7, 4E, 70, 02, 0C, 48, EB, 01, 48, 89, D1, 0F, AF, DF, 8B, CD, BD, 00, 00, 00, 00, 72, 06, F7, C3, 95, F2...
 
[+]

Entropy:
7.7723  (probably packed)

Code size:
80 KB (81,920 bytes)

The file lan_realtek_v7.17.304.2010_win7-64_dar_10sm-d1.exe has been seen being distributed by the following URL.