» pwsafe-3.38.2.exe
Overview
Analysis
File Details
Downloads (19)

pwsafe-3.38.2.exe

Rony Shapiro

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.fosshub.com and multiple other hosts.

File name:

pwsafe-3.38.2.exe

Publisher:

Rony Shapiro (signed and verified)

MD5:

47d5b5cee03ff15f4b1363734a95c5da

SHA-1:

fab68cb9fddc2122b06ff118c34f04181a5f1f49

SHA-256:

7633190ade8b0f06adea86e3d41d8fe63d3cce3c8104b9387c40af19eb1cc5f3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 12:31:32 AM UTC (today)

File size:

11.5 MB (12,054,376 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\programs\pwsafe-3.38.2.exe

Digital Signature

Signed by:

Rony Shapiro

Authority:

DigiCert Inc

Valid from:

2/5/2016 5:00:00 AM

Valid to:

2/8/2019 5:00:00 PM

Subject:

CN=Rony Shapiro, O=Rony Shapiro, L=Tel-Aviv, C=IL

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

063B25C57E44EA16043FA11A0940207A

File PE Metadata

Compilation timestamp:

12/6/2009 3:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

196608:x/esVmUluzRfox8Zr/Eb7t5WlRL4vAAY6XLQe0MEY/m+pelizGhLSya4nVP7z038:x/BEO8w+vL4IkXLPjm+pelizwLdDnZ7b

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9980

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file pwsafe-3.38.2.exe has been seen being distributed by the following 19 URLs.

https://download.fosshub.com/Protected/expiretime=1466266877;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/ab3c65a8d10752ab98fa56a318b1ba091267f41a82b3acd237be55b16ad139ce/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1457536347;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/edd3d8888462d3c7d76b564ee304f9a74c59129636a9eb369740c257a8a80641/.../pwsafe-3.38.2.exe

https://microsoft.sharepoint.com/teams/secse/_layouts/15/download.aspx?SourceUrl=/teams/secse/SecSE Resources/PasswordSafe/pwsafe-3.38.2.exe&FldUrl=&Source=https://microsoft.sharepoint.com/teams/secse/SecSE Resources/.../AllItems.aspx?RootFolder=/teams/secse/SecSE Resources/PasswordSafe&FolderCTID=0x0120009C5C4643BD88B84785FED1A844C099CC

https://download.fosshub.com/Protected/expiretime=1462305491;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/a14ac80cc41f0a176ea7c2f801e87746f981a845cc0f29813909dd1f85632517/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1464284639;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/25c88eb72cd94935b9dc7e9299a0b8cfbc79967e58bf895ba813717923604eb5/.../pwsafe-3.38.2.exe

https://github.com/pwsafe/pwsafe/releases/download/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1467059955;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/b75507b38a98ce2c0b6348c8ec2529d6c268585064d7a44dae58616ae706226d/.../pwsafe-3.38.2.exe

http://r2.computerbild.de/exec/r2r.pl?m=w-cobi;u=http://d.computerbild.de/downloads/.../pwsafe-3.38.2.exe

http://filehippo.com/download/file/.../

https://download.fosshub.com/Protected/expiretime=1459539251;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/8e6300d0962bbcf2af3df21ddfb6d7cc61aa0ff46a7c464f5fabf923b7ea28c9/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1462776092;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/8ee974ff4fcd0c1c08ffb4f585d8e12dac7ff9e4a9068bb7054237d24d8254ba/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1460436346;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/4d703816e7420e233cfe36445ad91983d0dee000ce87f5efa75d36b0290906b0/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1464023270;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/6a7a007c114feae3feb443039559e98809cc0d6c08418a1ba393347bf790fa6d/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1462777950;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/62de47aff28c8ba265a5ab3b743dacdf95706dc881b109d4a6894dd9c76faf81/.../pwsafe-3.38.2.exe

https://github-cloud.s3.amazonaws.com/releases/.../c06961b6-d41b-11e5-84c7-b2cc15c4507f.exe

https://download.fosshub.com/Protected/expiretime=1458204081;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/f9012316c57691c690704ddb26355ff0174cb8fdb9cb8b31f40a482814161dc5/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1457987067;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/0e42effa946c22644453a141b60c09694bc647a5ddb09bb50f7fd8fc28d38493/.../pwsafe-3.38.2.exe

https://download.fosshub.com/Protected/expiretime=1456263952;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9QYXNzd29yZC1TYWZlLmh0bWw=/020a2e0a5391cdbfe6088e1b0c0d2dd49748c2616a022ddef5b43d442d77444f/.../pwsafe-3.38.2.exe

http://downloads.sourceforge.net/project/passwordsafe/passwordsafe/.../pwsafe-3.38.2.exe

Scan pwsafe-3.38.2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.