home

pf-setup-en-653.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from photofiltre.free.fr.
MD5:
0aad2f2e2118f1fee416eb4d27c1efcd

SHA-1:
a5a2da948fa2d78949919c9763298c053f907461

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 11:44:00 PM UTC  (a few moments ago)

File size:
1.9 MB (2,010,478 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\Documents and Settings\{user}\My documents\downloads\pf-setup-en-653.exe

File PE Metadata
Compilation timestamp:
6/7/2009 5:41:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:g/BAeLXh2KqgJ8lYeH1WyAUQ4lps/66cdl:iAMoKBJ8lYqAipUtI

Entry address:
0x30CB

Entry point:
60, 81, DD, 74, CE, A5, 48, 0F, AF, CB, 81, CA, AC, 40, 06, FF, 52, 57, 14, BB, 80, D4, 18, 0F, AF, D7, 1B, DB, F2, 0F, A4, C3, 44, 8D, 08, 32, D8, 12, D5, C1, FB, 78, 0B, F3, 81, FE, B3, 11, 00, 00, 74, 02, 30, E2, 83, E6, 00, 80, CF, 26, FF, C2, 0F, A5, EA, 0F, BA, FF, 05, 43, 84, F9, C7, C0, 7F, E9, F5, 3D, C0, F7, 5F, D3, E8, 8D, 0D, 32, FB, FF, FF, 81, F9, 9F, 16, 00, 00, 72, 02, 0F, C8, 81, F1, 0B, 00, 00, 00, 0F, AF, C2, 8D, 05, F0, 4C, A0, 0E, C1, E8, 27, 8D, 29, F7, DF, 81, ED, 9A, 02, 00, 00, F6...
 
[+]

Entropy:
7.9781  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file pf-setup-en-653.exe has been seen being distributed by the following URL.

http://photofiltre.free.fr/.../pf-setup-en-653.exe

Scan pf-setup-en-653.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.