pwsafe-3.38.2.exe

Rony Shapiro

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.fosshub.com and multiple other hosts.
Publisher:
Rony Shapiro  (signed and verified)

MD5:
47d5b5cee03ff15f4b1363734a95c5da

SHA-1:
fab68cb9fddc2122b06ff118c34f04181a5f1f49

SHA-256:
7633190ade8b0f06adea86e3d41d8fe63d3cce3c8104b9387c40af19eb1cc5f3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 3:10:03 PM UTC  (today)

File size:
11.5 MB (12,054,376 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\pwsafe-3.38.2.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/5/2016 5:00:00 AM

Valid to:
2/8/2019 5:00:00 PM

Subject:
CN=Rony Shapiro, O=Rony Shapiro, L=Tel-Aviv, C=IL

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
063B25C57E44EA16043FA11A0940207A

File PE Metadata
Compilation timestamp:
12/6/2009 3:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:x/esVmUluzRfox8Zr/Eb7t5WlRL4vAAY6XLQe0MEY/m+pelizGhLSya4nVP7z038:x/BEO8w+vL4IkXLPjm+pelizwLdDnZ7b

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9980

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pwsafe-3.38.2.exe has been seen being distributed by the following 19 URLs.

https://download.fosshub.com/Protected/expiretime=1466266877;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/ab3c65a8d10752ab98fa56a318b1ba091267f41a82b3acd237be55b16ad139ce/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1457536347;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/edd3d8888462d3c7d76b564ee304f9a74c59129636a9eb369740c257a8a80641/.../pwsafe-3.38.2.exe

https://microsoft.sharepoint.com/teams/secse/_layouts/15/download.aspx?SourceUrl=/teams/secse/SecSE Resources/PasswordSafe/pwsafe-3.38.2.exe&FldUrl=&Source=https://microsoft.sharepoint.com/teams/secse/SecSE Resources/.../AllItems.aspx?RootFolder=/teams/secse/SecSE Resources/PasswordSafe&FolderCTID=0x0120009C5C4643BD88B84785FED1A844C099CC

https://download.fosshub.com/Protected/expiretime=1462305491;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/a14ac80cc41f0a176ea7c2f801e87746f981a845cc0f29813909dd1f85632517/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1464284639;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/25c88eb72cd94935b9dc7e9299a0b8cfbc79967e58bf895ba813717923604eb5/.../pwsafe-3.38.2.exe

https://github.com/pwsafe/pwsafe/releases/download/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1467059955;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/b75507b38a98ce2c0b6348c8ec2529d6c268585064d7a44dae58616ae706226d/.../pwsafe-3.38.2.exe

Scan pwsafe-3.38.2.exe - Powered by Reason Core Security