» uleaddvdwork.exe
Overview
Analysis
File Details
Downloads (9)

uleaddvdwork.exe

InstallShield

InstallShield Software Corporation

The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

uleaddvdwork.exe

Publisher:

InstallShield Software Corporation

Product:

InstallShield (R)

Description:

InstallShield (R) Setup Launcher

Version:

7, 01, 100, 1248

MD5:

29bd8d2d71ea678b6494d62cdedbfd99

SHA-1:

e8a86c982d6f140d867faa4ae657e34a43450f97

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/23/2024 6:09:35 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Microsoft Corporation

2016.0.2914

File size:

67.8 MB (71,048,923 bytes)

Product version:

7, 01

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Installer:

InstallShield Setup

Language:

English (United States)

File PE Metadata

Compilation timestamp:

12/2/2002 8:31:43 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1572864:MK1BqoNx3marSKzVsMQu4zCjyKBtfJsQ4k9INqcshA4rbt9DG:HnF5QWrtfWzkDDW

Entry address:

0xB1CC

Entry point:

55, 8B, EC, 83, EC, 44, 56, FF, 15, 44, 01, 41, 00, 8B, F0, 85, F6, 75, 08, 6A, FF, FF, 15, 40, 01, 41, 00, 8A, 06, 57, 8B, 3D, 08, 02, 41, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 3C, 01, 41, 00, F6, 45, E8, 01, 5F, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF... 
[+]

Entropy:

7.9967

Packer / compiler:

InstallShield Custom

Code size:

57.5 KB (58,880 bytes)

The file uleaddvdwork.exe has been seen being distributed by the following 9 URLs.

http://gsf-cf.softonic.com/e8a/86c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=22511&instance=softonic_es&type=PROGRAM&Expires=1472299246&Signature=SmBbqi~-xa3l4Vonpi76GZZiyKjpNMCHuz~U~p5lF~T0Ku0VARxbPubPK63WOyuweVHcgJ1ML2qYTn6J5Zw59-sm8pXWz95KTgQTG7t8TCIN7BsrCV8ere~Ok2UJFOitGtknlZnX~kZa0UQdb-y68U8z9Desazwc2KlOic2buI4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=dws2_trial_e.exe

https://ulead-dvd-workshop.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOGK0KH LEVvXO4LQdXrANol/EbGLuYZsHA6jc1xbmbu2WUGzGzMOI/PIVUe2qONIDIOhSt5 wfcPknq8vdS1GhAAOeBxhQx3TP81crVsPTptPDxGtXOYPvcrTwo8s7To1o11M0JLQRquKWB/fKjVH/ii5gZjH/ETNUEVqTwyZPKfXMyPzWTUlBeaWTNdAtyFdkWSEIoIRlW5Kzt33B R2cBPWu3vtoz4Lp4a5uOgmrisykwROySkzbP6ZZz51nlWcz0DCKuK1ecI/.../f9OLoTdGUU5M7nvTYOzY85h6mM6MpYE4WVia29Mzlmuhy3z7cw7Qo3iu1rNU0Iah8HPipq32OEkPLYZlz1c5PUgYPZFA

http://files.downloadnow.com/s/software/10/25/99/.../dws2_trial_e.exe

http://gsf-cf.softonic.com/e8a/86c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=22511&instance=softonic_en&type=PROGRAM&Expires=1478719217&Signature=h3ZSBVowsCoroLOd1q7xGJRI6sS2gPuy2uagmw94Pnku16WW2oQSkICjjt~V-sBAx8mDfE1cqPpGBAYPyR20LO~5FUsj1A6cM1Cq~AzGzYDy28MoH7L~9xLDbj2D3D9LlGje~lFbpVYqOQjn4MIg6PFD3PPpmTg8wPhPhiPLs6E_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=dws2_trial_e.exe

http://www.ranchsendgift.com/ov sDj7awiHIP0zCO6ewl_pRy9yeuZGYNtHsB9WIHM46HzEzc5j9h6wWURZS0zvicew47jFbtNo24dl8gewj7J9y0zmfbPLKr0w3BOlv1EqdafSOneMrPMuE ia6gOKyRDeU eLsXkJreTFGXSyioXJGbTXE3F6n5PfBlP6Rlb4Ik ESg49655CDBTBDseXE4H7lun4N4Rltqe56S0LdinHzPWCp8w==-GzMAAES3eX4KXre_GC4IPKSSgg04cIoySwfAW9o6EDfeeYs64SFzqgfrXp4c7who0WIgfAA=

http://gsf-cf.softonic.com/e8a/86c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=22511&instance=softonic_es&type=PROGRAM&Expires=1476240736&Signature=SHCiTCP3b9YKaKNwrSwWH91lyQDJxf0SGsBS43wV3M3OlgB~1cVdjoqtSmVjxLng1ZmopkvHIbxdN8KvGuOzMovXnamDUi6UMoIXT2BD06P9Xw7gojXJDE~vf2RiJXxBNu8izkYjobYCiCszUZOAL3zOqzA3en2YcNWUiUkeZuU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=dws2_trial_e.exe

http://ftp.ulead.com/pub/Trial/.../dws2_trial_e.exe

http://ulead-dvd-workshop-2.software.informer.com/.../

http://ulead-dvd-workshop.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOGK0KH LEVvXO4LQdXrANol/EbGLuYZsHA6jc1xbmbu2WUGzGzMOI/PIVUe2qONIDIOhSt5 wfcPknq8vdS1GhAAOeBxhQx3TP81crVsPTptPDxGtXOYPvcrTwo8s7To1o11M0JLQRquKWB/fKjVH/ii5gZjH/ETNUEVqTwyZPKfXMyPzWTUlBeaWTNdAtyFdkWSEIoIRlW5Kzt33B R2cBPWu3vtoz4Lp4a5uOgmrisykwROySkzbP6ZZz51nlUK/CciqOnncf2ctI2g2p9oWTxMpTQLaLEZwLs0yfRCNC7wLoBEJ4Ds14ZspZA/n//oPXgOX31Dos84GrOC8naTwuSAO7fveKf FsAtA9qAAUupsd10xb3DkVtvhkPCS/QhuYgR4vTN7O/.../6dxfrGMdvNn3pnCN4sNWzp8EN2QADPN6ajdSBm7nNG GWjLq2PVtRNGUU5M7nvTYOzY85h6mM6MpYE4WVia29Mzlmuhy3z7cw7Qo3iu1rNU0Iah8HPipq32OEkPLYZlz1c5PUgYPZFA

Scan uleaddvdwork.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.