update.exe

Self-extracting executable installer

Microsec Ltd.

This is a setup and installation application. The file has been seen being downloaded from srv.e-szigno.hu and multiple other hosts.
Publisher:
Microsec Ltd.  (signed and verified)

Product:
Self-extracting executable installer

Version:
3, 2, 7, 8

MD5:
2925822ed9c491ee52f1102e4b5f20d4

SHA-1:
07191a9b5f24aa975974f0c06090ecbbbeaf4100

SHA-256:
543f79d62086d61a7fb88d0adaab853a1cc439ba58b29ec5b90bba6e4295ee4f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 3:33:16 PM UTC  (today)

File size:
20.7 MB (21,661,920 bytes)

Product version:
3, 2, 7, 8

Copyright:
(c) MICROSEC Ltd. All rights reserved.

Original file name:
SelfExtractor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\update.exe

Digital Signature
Signed by:

Authority:
Microsec Ltd.

Valid from:
1/30/2014 2:30:01 PM

Valid to:
1/30/2016 2:30:01 PM

Subject:
SERIALNUMBER=1.3.6.1.4.1.21528.2.3.2.22, E=info@e-szigno.hu, CN=Microsec, O=Microsec Ltd., L=Budapest, C=HU

Issuer:
E=info@e-szigno.hu, CN=e-Szigno SSL CA, O=Microsec Ltd., L=Budapest, C=HU

Serial number:
010247A2CC4DE14CA00445B3D20A

File PE Metadata
Compilation timestamp:
8/14/2014 2:06:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:y6e3DkPJqYDcJH1CXr7L7oOidC3jRGLOOQAc2DyHHW3VC1p+cPJ1YBHhfFepFea:HegkgCHcXr7LMOiEzYL5vQH2cNBuLepn

Entry address:
0x2CEE2

Entry point:
E8, 0A, 8E, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, B0, F2, 47, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 30, B3, 47, 00, 33, C5, 89, 45, FC, 83, A5, D8, FC, FF, FF, 00, 53, 6A, 4C, 8D, 85, DC, FC, FF, FF, 6A, 00, 50, E8, D8, E0, FF, FF, 8D, 85, D8, FC, FF, FF, 89, 85, 28, FD, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, 2C, FD, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89...
 
[+]

Code size:
402.5 KB (412,160 bytes)

The file update.exe has been seen being distributed by the following 3 URLs.

Scan update.exe - Powered by Reason Core Security