_start.exe

_geolib

Eversim

Publisher:
Eversim  (signed and verified)

Product:
_geolib

Description:
_geolib

Version:
1, 0, 0, 1

MD5:
cef8390acd3de1be98a917322d7306b0

SHA-1:
207626fa8e790436157907a6a69a858f08c1e07e

SHA-256:
a2b0a1abf6ffdedc02b0b95f55193ea9a5edf1b26c368e7e202775ba1be19fe2

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/16/2024 7:39:55 AM UTC  (today)

Scan engine:
Rising Antivirus

Detection:
Malware.Generic.1!tfe (thunder:1:iaatJxU0atO)

Engine version:
23.00.65.17220

File size:
6.4 MB (6,695,240 bytes)

Product version:
6, 30, 0, 0

Copyright:
Copyrights by Eversim - All rights reserved

Original file name:
_geolib.rc

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/3/2017 2:00:00 AM

Valid to:
2/4/2020 1:59:59 AM

Subject:
CN=Eversim, O=Eversim, STREET=13 Place des Libertés Publiques, STREET=Immeuble Le Mandinet II - Bat B, L=Lognes, S=Ile de France, PostalCode=77185, C=FR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F60BFE5F024303FD69D033FD5651E9F9

File PE Metadata
Compilation timestamp:
2/14/2017 4:23:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x4D27A000

Entry point:
EB, 04, 10, A2, E7, D6, 50, EB, 05, 83, A0, 38, ED, AD, E8, 14, 00, 00, 00, EB, 03, 2A, 9E, BF, EB, 03, 69, 07, 9F, 33, C0, 7B, 48, 71, 59, EB, 02, 1B, B7, EB, 05, D3, 97, 46, 60, 16, B8, 07, 48, 12, F7, EB, 02, 65, 8A, EB, 01, 1C, 05, F9, B7, ED, 08, EB, 05, F1, 7B, 0D, D5, A3, 75, 34, EB, 01, D2, 64, FF, 30, EB, 02, BE, AB, 64, 89, 20, EB, 05, 10, 97, 2D, A7, 67, EB, 02, 3E, 84, 8B, 10, EB, 01, 34, 64, 8F, 00, EB, 02, F3, DC, 83, C4, 04, EB, 01, DE, 58, EB, 02, 13, BB, C3, EB, 02, D2, BC, EB, 03, E9, 9F...
 

Code size:
13.2 MB (13,824,000 bytes)

Windows Firewall Allowed Program
Name:
power & revolution


Scan _start.exe - Powered by Reason Core Security