» NDP461-KB3102438-Web.exe
Overview
Analysis
File Details
Downloads (30)

NDP461-KB3102438-Web.exe

Microsoft .NET Framework 4.6.1

Microsoft Corporation

This is a self-extracting archive and installer. The file has been seen being downloaded from 177.205.9.165 and multiple other hosts.

File name:

NDP461-KB3102438-Web.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft .NET Framework 4.6.1

Description:

Microsoft .NET Framework 4.6.1 Setup

Version:

4.6.01055.00

MD5:

4d1bb86d0eee168e1da91a36350c1c21

SHA-1:

ee88b05232f43b517d4a368f7ee5065cde7f67fa

SHA-256:

e10c2a36c5013ee83815fcc38963ae3e5c4afd7ffe770e817322fe366bdef6e1

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

12/26/2024 1:28:19 AM UTC (today)

File size:

1.4 MB (1,424,328 bytes)

Product version:

4.6.01055.00

Original file name:

NDP461-KB3102438-Web.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\programs\ndp461-kb3102438-web.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

6/4/2015 11:42:45 AM

Valid to:

9/4/2016 11:42:45 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000010A2C79AED7797BA6AC00010000010A

File PE Metadata

Compilation timestamp:

9/21/2015 3:54:13 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:vBaY9lr9VaSmtLvUDSRbm4Jah1rVxkbxTKtHiR5XohssCN48EBovl3ouKxVKIcFq:vUY9lr9PeTUDBzrVx410QoQHESvdoHxh

Entry address:

0x18BDF

Entry point:

E8, CB, 19, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 50, 80, 42, 00, 75, 02, F3, C3, E9, 52, 1A, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, D0, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 66, 8B, 4D, 0C, 83, E8, 02, 3B, C2, 74, 05, 66, 39, 08, 75, F4, 66, 39, 08, 74, 02, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 57, 85, F6, 74, 07, 8B, 7D, 0C, 85, FF, 75, 15, E8, EC, 1C, 00, 00, 6A, 16, 5E, 89, 30, E8, 90, 1C, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, 45, 10, 85, C0, 75, 05, 66, 89, 06, EB, DF, 8B, D6, 2B... 
[+]

Entropy:

7.9315 (probably packed)

Code size:

155 KB (158,720 bytes)

The file NDP461-KB3102438-Web.exe has been seen being distributed by the following 30 URLs.

http://177.205.9.165/data/5d1b101068aa1a98/download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

http://f51.x8top.net/2107tmp/cf/soft/2015/12/ba/.../net-framework_461_web.exe

http://go.microsoft.com/.../?LinkId=671728

https://sa.travelportservices.com/extranet/data/saudi/.../NDP461-KB3102438-Web.exe

http://195.31.68.158/data/650db0c02fa9ba92/download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

https://mega.nz/temporary/.../E91QSJRZ

http://124.109.125.6/data/8feba0306d34331b/download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

http://dl.msdn.com/.../mu_.net_fx_4_6_1_for_win_7sp1_8_8dot1_10_win_server_2008_r2sp1_2012_2012r2_x86_x64_web_installer_7277629.exe

https://mega.nz/persistent/.../E91QSJRZ

http://c236.y8top.net/2107tmp/cf/soft/2015/12/ba/.../net-framework_461_web.exe

http://f30.x8top.net/2107tmp/cf/soft/2015/12/ba/.../net-framework_461_web.exe

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M160730075301TNP&murl=http://go.microsoft.com/.../?LinkID=671728&source=dotnet

http://download.my.visualstudio.com/.../mu_.net_fx_4_6_1_for_win_7sp1_8_8dot1_10_win_server_2008_r2sp1_2012_2012r2_x86_x64_web_installer_7277629.exe

https://doc-04-4g-docs.googleusercontent.com/docs/securesc/dba6pdajb40l7f7qovs7kbh41a8605m0/9b5ih42ol0qu11lnlecq58ahqi263r5o/1467201600000/11899106267849527175/.../0B17Z21MieOlkWFFVdmNMU1RhS2c?e=download

http://113.171.224.205/.../NDP461-KB3102438-Web.exe

http://share2.earthlinktele.com/download.aspx?file=2117321187&sig=MjUvMDYvMjAxNiAxMzoxMTo0Nw==

http://180.149.99.6/data/03dba0d07e6a9a1c/download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

http://go.microsoft.com/.../?linkid=671728&clcid=0x409

http://www.download3k.com/DownloadLink1-Microsoft-.NET-Framework.html

http://f51.softwaretop.net/2107tmp/cf/soft/2015/12/ba/.../net-framework_461_web.exe

temp:NDP461-KB3102438-Web.exe

http://177.205.9.217/data/3ec3f07028b12a97/download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

http://f30.softwaretop.net/2107tmp/cf/soft/2015/12/ba/.../net-framework_461_web.exe

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=412831M1M151225035518GPS&murl=http://go.microsoft.com/.../?LinkID=671728&source=dotnet

http://download888.mediafire.com/9amqzuocv9gg/.../NDP461-KB3102438-Web-sigmapc100.exe

https://go.microsoft.com/.../?LinkId=671728

https://docs.google.com/uc?authuser=0&id=0B4P_814KzvykTUFPNFk3VVhIY0U&export=download

http://download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

http://go.microsoft.com/.../?LinkID=671728&source=dotnet

https://download.microsoft.com/download/3/5/9/.../NDP461-KB3102438-Web.exe

Latest 30 of 30 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.