home

unicows.exe

Win32 Cabinet Self-Extractor

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dosbox95.darktraveler.com.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2600.0000

MD5:
98b0858aa661952d020e362cbdf66bf8

SHA-1:
7817947db630539fba7e9966dfed64ed48a469bf

SHA-256:
cd4cfad1caeb3417d7b72eab7e61b823eb59f71b0db66e5767a58c5e9a07d5ee

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 10:27:01 AM UTC  (today)

File size:
342.8 KB (351,024 bytes)

Product version:
6.00.2600.0000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\unicows.exe

File PE Metadata
Compilation timestamp:
8/18/2001 8:42:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
6144:nWt8sw2lVSwyAQtcKnzXMJOrO2bnRsjdjC1r5rR3n:b2l35JwVbRsjk1tln

Entry address:
0x5A5E

Entry point:
1C, 19, B3, 3E, 1C, 9E, F6, C5, EF, EB, 0A, 1B, E8, B8, EC, E8, 01, 20, 0F, B6, FE, 8A, FB, 0F, AF, C7, 47, 23, CE, 0F, AF, C1, E8, 00, 00, 00, 00, 2A, EB, 41, 0F, B7, DE, 87, D6, 81, EA, 4B, 56, FD, DB, F3, 69, C2, CA, DF, 85, 3F, F6, C1, 70, 68, D0, DB, 00, 00, F3, 5A, 3B, CD, 89, E9, 81, F2, FE, 08, 00, 00, 70, 04, 88, C9, 87, C6, 2B, FA, C6, C4, BD, 0F, AF, C2, 81, EF, 32, 0D, 00, 00, 59, 0F, AF, F0, 11, C5, 4B, F6, C2, AE, 78, 08, 88, CC, 8D, 3D, CA, 9F, 56, DE, 89, E8, 81, D2, 58, B7, E4, 04, 68, 16...
 
[+]

Code size:
34 KB (34,816 bytes)

The file unicows.exe has been seen being distributed by the following URL.

http://dosbox95.darktraveler.com/.../unicows.exe

Scan unicows.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.