relogio de ponto demo.exe

XLtoEXE

Orlando's VBA and Excel Site

This is a setup program which is used to install the application. The file has been seen being downloaded from dc443.4shared.com and multiple other hosts.
Publisher:
Orlando's VBA and Excel Site

Product:
XLtoEXE

Description:
Excel application converted by XLtoEXE utility.

Version:
2.00.0005

MD5:
5b75d6eefa79038c1823b26803e49447

SHA-1:
70b857f63acb277f7c2df0bb467c37d3586f430a

SHA-256:
bda5393c937d16f50c9fe3a58b084400cc641de9eb395d438b0ce19e84833cc7

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/25/2024 6:15:43 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.6379

Trend Micro House Call
Suspicious_GEN.F47V0528
7.2.170

File size:
1018.1 KB (1,042,571 bytes)

Product version:
2.00.0005

Copyright:
Copyright © 2003-2013 Fco Orlando Magalhaes Filho. All rights reserved.

Trademarks:
Microsoft® Excel® is a registered trademark of Microsoft Corporation.

Original file name:
XLtoEXE.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\relogio de ponto demo.exe

File PE Metadata
Compilation timestamp:
7/31/2013 3:52:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sRXToTh2bJjCXlY6e2Ht5n8pOGlsQ6lTR5TGE+DHNiv7yRn5Ve/ONj/:sRDM2lIxe2N5KCQ6lTREk7k5VWOl/

Entry address:
0x1BD0

Entry point:
68, F8, 1D, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 38, 00, 00, 00, A1, 40, 86, 60, 57, F4, 5D, 4C, A0, 42, 73, 74, C1, 62, 2C, 46, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 20, A2, FB, 00, 58, 4C, 74, 6F, 45, 58, 45, 00, 54, 6F, 20, 63, 6F, 6E, 76, 65, 72, 74, 20, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 20, 45, 78, 63, 65, 6C, 20, 66, 69, 6C, 65, 73, 20, 74, 6F, 20, 45, 58, 45, 2E, 00, C1, 40, 00, D8, C0, 40, 00, 00, 00, 00, 00, 01, 00, 01, 00, 04, 22, 40, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
48 KB (49,152 bytes)

The file relogio de ponto demo.exe has been seen being distributed by the following 2 URLs.

Scan relogio de ponto demo.exe - Powered by Reason Core Security