multispecwin32z.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from engineering.purdue.edu.
MD5:
c38fd81a6b820a77ee63f0caf3287f4f

SHA-1:
c84cb1aa21402a1076a4daf756976916bd6ce645

SHA-256:
805617e13416ea43934d3e8b5282eff2715cd17a63f81e47328358dbb3c30f41

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 1:41:18 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.6379

Trend Micro House Call
Suspicious_GEN.F47V0301
7.2.157

Zillya! Antivirus
Trojan.PopUpper.Win32.60
2.0.0.2207

File size:
3.7 MB (3,830,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\multispecwin32z.exe

File PE Metadata
Compilation timestamp:
5/25/2011 5:18:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:2mVLrtoY15q6UGzABKevXH91xSL40ssiMVVmUn6+be0wGC9gP/Rp:pFlk6UG8BKg31j0BiQdn6lBLgP/j

Entry address:
0x6791

Entry point:
E8, B9, 27, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, D6, A9, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, A8, 11, 41, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 
[+]

Code size:
51 KB (52,224 bytes)

The file multispecwin32z.exe has been seen being distributed by the following URL.

Scan multispecwin32z.exe - Powered by Reason Core Security