home

plotter.exe

WinACE Self-Extractor

e-merge GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from ifrimv.altervista.org.
Publisher:
e-merge GmbH

Product:
WinACE Self-Extractor

Version:
1.2.0.0

MD5:
b3ef4adda2743a59c5651ea0e05b07cc

SHA-1:
85867e2a6f66b72f3301063966151bbc03f84507

SHA-256:
27c6f660dc45b6966f3520ab7be7260fcfed5ee24027ad8da79fa03aabcbf0c7

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 8:12:59 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.6379

NANO AntiVirus
Trojan.Win32.Genome.bdcuqn
0.30.24.1357

Qihoo 360 Security
HEUR/QVM18.1.Malware.Gen
1.0.0.1015

Quick Heal
(Suspicious) - DNAScan
7.16.14.00

Trend Micro House Call
Suspicious_GEN.F47V0207
7.2.195

File size:
470 KB (481,280 bytes)

Product version:
1.2.0.0

Copyright:
1997-2000 Marcel Lemke & e-merge GmbH

Trademarks:
1997-2000 Marcel Lemke & e-merge GmbH

Original file name:
win32sfx.exe

File type:
Executable application (Win32 EXE)

Language:
Almanca (Almanya)

Common path:
C:\users\{user}\downloads\plotter.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TYcynhYFnaVVig+w/Y9CbQlcCsXOSALtvy+aF:T7k0w/w9AjKtvpaF

Entry address:
0x2D042

Entry point:
B8, 00, D0, 42, 00, 68, 64, 02, 41, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 68, 00, 00, 40, 00, 8B, 3C, 24, 8B, 30, 66, 81, C7, 80, 07, 8D, 74, 06, 08, 89, 38, 8B, 5E, 10, 50, 56, 6A, 02, 68, 80, 08, 00, 00, 57, 6A, 19, 6A, 06, 56, 6A, 04, 68, 80, 08, 00, 00, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 68, 81, C6, E4, 00, 00, 00, F3, A5, FF, D3, 58, 8D, 90, B8, 01, 00, 00, 8B, 0A, 0F, BA, F1, 1F, 73, 16, 8B, 04, 24, FD, 8B, F0, 8B, F8, 03, 72, 04, 03, 7A, 08, F3...
 
[+]

Entropy:
7.9776

Packer / compiler:
Petite 2.2

Code size:
55.5 KB (56,832 bytes)

The file plotter.exe has been seen being distributed by the following URL.

http://ifrimv.altervista.org/cnc/.../Plotter.exe

Scan plotter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.