say.exe

Vistumbler.net

This is a setup program which is used to install the application. This file is installed with the program Vistumbler. The file has been seen being downloaded from raw.githubusercontent.com and multiple other hosts.
Publisher:
Vistumbler.net  (signed and verified)

Version:
3, 3, 9, 4

MD5:
01ccbbe0f36a0809e7cbc603be2c45f0

SHA-1:
29fb96a4635d7e11fe10d2f0bd73981511f27950

SHA-256:
6eb5712ba659fd51f5d800910ccd1849fc4827b782e31216023db2ef7f6af346

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/27/2024 7:22:52 AM UTC

Scan engine: NANO AntiVirus
Detection: Trojan.Win32.Siggen4.zfjzh
Engine version: 0.28.0.57029

Scan engine: Vba32 AntiVirus
Detection: Trojan.Autoit.F
Engine version: 3.12.24.3

File size:
799.8 KB (819,008 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\say.exe

Digital Signature
Signed by:

Authority:
Vistumbler.net

Valid from:
10/17/2010 11:00:00 PM

Valid to:
12/31/2098 11:00:00 PM

Subject:
CN=Andrew Calcutt, O=Vistumbler.net, E=ACalcutt@vistumbler.net

Issuer:
CN=Andrew Calcutt, O=Vistumbler.net, E=ACalcutt@vistumbler.net

Serial number:
63338AFA59A37AB44C3EC63F7BDC6ED3

File PE Metadata
Compilation timestamp:
4/9/2012 7:11:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:tRBk7MpC7tYR4eYLEkiw4PKEgOHS1ZBvKEjGbCAlLxgaJlaJqlYMs:tFQeYLbKKEPS1bvKE2JCaJQkYMs

Entry address:
0x176DC

Entry point:
E8, EB, C2, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, A8, 4B, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 60, 78, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C...

Code size:
535.5 KB (548,352 bytes)

The file say.exe has been discovered within the following program.

Vistumbler  by Vistumbler.net
Publisher's description - “Find Wireless access points - Uses the Vista command 'netsh wlan show networks mode=bssid' to get wireless information GPS Support. Speaks Signal Strength using sound files, windows sound api, or MIDI.”
www.vistumbler.net
39% remove it

The file say.exe has been seen being distributed by the following 3 URLs.

https://raw.githubusercontent.com/RIEI/Vistumbler/9b4e523de98f4fb162ffe8d787cd87944744e9d6/.../say.exe

https://raw.github.com/RIEI/Vistumbler/9b4e523de98f4fb162ffe8d787cd87944744e9d6/.../say.exe
