home

w32maing.exe

IBM Standard Software Installer

INTERNATIONAL BUSINESS MACHINES CORPORATION

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘stgclean’.
Publisher:
IBM Corp.  (signed by INTERNATIONAL BUSINESS MACHINES CORPORATION)

Product:
IBM Standard Software Installer

Description:
OSP Windows 32-bit ESD API

Version:
5.30

MD5:
455f9a7fb23cfa3ec5ceb0bc1bd6ed91

SHA-1:
bbf1dd315281dac7a09c43bda9566703f4d41a10

SHA-256:
9092602d94083b31da2d99f656b757d6ada146df1dfe1db704b424af4fb1ffcd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 9:15:50 AM UTC  (today)

File size:
299.6 KB (306,832 bytes)

Product version:
5.30

Copyright:
© Copyright IBM Corp. 2004, 2017

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
INTERNATIONAL BUSINESS MACHINES CORPORATION

Authority:
DigiCert Inc

Valid from:
11/5/2015 7:00:00 PM

Valid to:
11/14/2018 7:00:00 AM

Subject:
CN=INTERNATIONAL BUSINESS MACHINES CORPORATION, O=INTERNATIONAL BUSINESS MACHINES CORPORATION, L=Armonk, S=NY, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0C2597FAA5019C731A3BE9BC31529F8A

File PE Metadata
Compilation timestamp:
3/6/2017 11:37:01 AM

OS version:
1.11

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.18

Entry address:
0x24F04

Entry point:
E9, 67, 48, 00, 00, 03, 10, 40, 00, 4F, 70, 65, 6E, 20, 57, 61, 74, 63, 6F, 6D, 20, 43, 2F, 43, 2B, 2B, 33, 32, 20, 52, 75, 6E, 2D, 54, 69, 6D, 65, 20, 73, 79, 73, 74, 65, 6D, 2E, 20, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 43, 29, 20, 53, 79, 62, 61, 73, 65, 2C, 20, 49, 6E, 63, 2E, 20, 31, 39, 38, 38, 2D, 32, 30, 30, 32, 2E, 51, 8B, CA, 99, F7, F9, 89, 06, 89, 56, 04, 59, C3, 00, 00, 00, 56, 57, 55, 83, EC, 24, 89, C5, 89, 54, 24, 20, 89, 5C, 24, 18, B8, FE, FF, FF...
 
[+]

Entropy:
6.5637

Packer / compiler:
Xtreme-Protector v1.05

Code size:
193.5 KB (198,144 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
stgclean

Command:
C:\sdwork\w32maing.exe \cleanup


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.