home

w32maing.exe

IBM Standard Software Installer

INTERNATIONAL BUSINESS MACHINES CORPORATION

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘stgclean’.
Publisher:
IBM Corp.  (signed by INTERNATIONAL BUSINESS MACHINES CORPORATION)

Product:
IBM Standard Software Installer

Description:
OSP Windows 32-bit ESD API

Version:
5.29

MD5:
5cbda321de6db99d1d09b9ba570ba6d4

SHA-1:
fafa001044b1dd6a6bf9a1e0254a038ac53521b6

SHA-256:
1d5b5a9db5386076b70726e55c4859f63729d696eaf2137a96749af0d5b82e6d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 5:01:54 PM UTC  (today)

File size:
299.6 KB (306,832 bytes)

Product version:
5.29

Copyright:
© Copyright IBM Corp. 2004, 2017

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
INTERNATIONAL BUSINESS MACHINES CORPORATION

Authority:
DigiCert Inc

Valid from:
11/6/2015 5:30:00 AM

Valid to:
11/14/2018 5:30:00 PM

Subject:
CN=INTERNATIONAL BUSINESS MACHINES CORPORATION, O=INTERNATIONAL BUSINESS MACHINES CORPORATION, L=Armonk, S=NY, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0C2597FAA5019C731A3BE9BC31529F8A

File PE Metadata
Compilation timestamp:
3/3/2017 1:19:59 AM

OS version:
1.11

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.18

Entry address:
0x24F04

Entry point:
E9, 67, 48, 00, 00, 03, 10, 40, 00, 4F, 70, 65, 6E, 20, 57, 61, 74, 63, 6F, 6D, 20, 43, 2F, 43, 2B, 2B, 33, 32, 20, 52, 75, 6E, 2D, 54, 69, 6D, 65, 20, 73, 79, 73, 74, 65, 6D, 2E, 20, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 43, 29, 20, 53, 79, 62, 61, 73, 65, 2C, 20, 49, 6E, 63, 2E, 20, 31, 39, 38, 38, 2D, 32, 30, 30, 32, 2E, 51, 8B, CA, 99, F7, F9, 89, 06, 89, 56, 04, 59, C3, 00, 00, 00, 56, 57, 55, 83, EC, 24, 89, C5, 89, 54, 24, 20, 89, 5C, 24, 18, B8, FE, FF, FF...
 
[+]

Entropy:
6.5629

Packer / compiler:
Xtreme-Protector v1.05

Code size:
193.5 KB (198,144 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
stgclean

Command:
C:\sdwork\w32maing.exe \cleanup


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.