home

view-client-windows.exe

PKWARE SFX for Windows

PKWARE, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from usaremote.justice.gov.
Publisher:
PKWARE, Inc.

Product:
PKWARE SFX for Windows

Description:
PKWARE SFX for Windows (Unicode)

Version:
12.3.1026.0

MD5:
75bba02d141e4a4f8bc733d49862183d

SHA-1:
269b63564eefd874d7523ec49265481bde081a5e

SHA-256:
20c12bf72605a81c05e220e2ff232ff917bd2508caaabe9aa6f05947a94edb28

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 10:39:55 AM UTC  (today)

File size:
67 MB (70,258,006 bytes)

Product version:
12.30.0002

Copyright:
Portions copyright (C) 2001-2008 PKWARE, Inc.

Trademarks:
PKWARE, PKZIP, PKUNZIP, PKSFX, and SecureZIP are registered trademarks of PKWARE, Inc.

Original file name:
PKSFX.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\view-client-windows.exe

File PE Metadata
Compilation timestamp:
11/19/2008 10:55:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1572864:FaPw0W6JsJg+me1pABidapVi6MNVZ9AGBDgXTerGc0OWZI+vKB2gZKQea67:anJsi+me3apVZ4JWXTeCcktCfZKVB7

Entry address:
0xD4000

Entry point:
68, 80, 40, 4D, 00, 68, 4D, 62, 52, 00, 68, 00, 00, 00, 00, E8, 39, 22, 05, 00, E9, 98, CF, F9, FF, 40, 28, 23, 29, 50, 4B, 4C, 49, 54, 45, 33, 32, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 31, 39, 39, 38, 20, 50, 4B, 57, 41, 52, 45, 20, 49, 6E, 63, 2E, 2C, 20, 41, 6C, 6C, 20, 52, 69, 67, 68, 74, 73, 20, 52, 65, 73, 65, 72, 76, 65, 64, 20, 28, 24, 52, 65, 76, 69, 73, 69, 6F, 6E, 3A, 20, 24, 29, 00, 50, 4B, 4C, 54, 33, 32, 00, 00, 10, 01, 00, 00, 5F, BF, EA, 4B, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
7.9996

Packer / compiler:
PKLITE32, 0x1.1

Code size:
332 KB (339,968 bytes)

The file view-client-windows.exe has been seen being distributed by the following URL.

https://usaremote.justice.gov/.../View-Client-Windows.exe

Scan view-client-windows.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.