validate.exe

The executable validate.exe has been detected as malware by 7 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.download-servers.com.
Version:
1.0.0.0

MD5:
602fcbd0fadbaee8007ad1f2e3e964d1

SHA-1:
e0e8350e73ba8f79e81c203d076af52885ae8b90

SHA-256:
e46a3a331178afee94dbf392f729bec476cf8553d778a9a99d9075df276f87c1

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/28/2024 7:22:30 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160518-2
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.225.110.0
Norman | Win32.Sality.3 | 19.05.2016 01:04:49
VIPRE Antivirus | Threat.4721115 | 50350

File size:
140.5 KB (143,901 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2013

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\validate.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:DgXdZo9P6D3XJk458A73Nx7gkP+pMVRQTQS458OMm:Dee4mJs3Nx7qEQ0SU8fm

Entry address:
0x30FA

Entry point:
60, 0F, A5, CE, 0F, CB, 85, D7, 0F, BE, F4, D0, EE, 1B, D3, 69, D9, 54, 26, FE, A4, 08, CF, 68, BE, D4, 7B, 00, 68, 1C, AA, C5, 00, 0C, 60, 85, F0, C7, C6, 30, 00, 56, 98, 33, ED, 0F, AC, DE, B6, 42, F6, D8, 8B, CD, 80, FE, 72, 28, E5, C1, F1, 63, 85, F6, BB, EB, 85, 08, 00, 0F, BA, E7, 39, F3, 81, D0, F8, 68, 5F, DF, 81, F3, 22, 0F, 00, 00, C7, C0, 8F, 45, 0F, 55, 4F, 81, C3, C8, 01, 00, 00, F6, D0, 3B, C7, 25, 67, 90, BF, 01, 0F, C1, DD, 0F, BD, F8, 81, ED, 90, 8C, 08, 00, 81, F2, 17, E9, 28, 09, 0F, B3...

Entropy:
7.6581

Code size:
23.5 KB (24,064 bytes)

The file validate.exe has been seen being distributed by the following URL.
