windowsxp-kb822603-x86-plk.exe

Self-Extracting Cabinet

Microsoft Corporation

This is a setup program used to install the application. The file has been seen being downloaded from s6823.chomikuj.pl and multiple other hosts.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Self-Extracting Cabinet

Version:
5.3.0018.1 (xpclnt_qfe.020226-1835)

MD5:
ecb27a452f0443b178a79ecf080ede85

SHA-1:
bbd65f5d7f7ff6d8e65ae5c3c9f2c6ab850b28df

SHA-256:
fab6f4bb8e756fa85c482f3e0e98e4a8806701d1d650baa35646c5e94758d9f8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/25/2024 5:45:55 AM UTC

File size:
344.3 KB (352,544 bytes)

Product version:
5.3.0018.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SFXCAB.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\util\ccc\plk\windowsxp-kb822603-x86-plk.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
5/29/2002 3:32:40 PM

Valid to:
7/29/2003 3:42:40 PM

Subject:
CN=Microsoft Windows XP Publisher, OU=Copyright (c) 2002 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
610E3B71000000000027

File PE Metadata
Compilation timestamp:
4/23/2003 7:54:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
6144:peNWy4rXgzm0mn8jhMMTyOf4Lg3xXqyfw2PNIlrCRrmZocGY5+I6t+U:pe8y4dnKTt4khy6N22RE45+U

Entry address:
0x41FD

Entry point:
E9, C5, FA, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 68, 04, 08, 00, 00, FF, D6, 59, 33, C9, 3B, C1, 75, 0F, 51, 6A, 05, FF, 75, 28, E8, 2E, 11, 00, 00, 33, C0, EB, 69, 8B, 55, 0C, 83, 88, 88, 00, 00, 00, FF, 83, 88, 84, 00, 00, 00, FF, 89, 50, 04, 8B, 55, 10, 89, 50, 0C, 8B, 55, 14, 89, 50, 10, 8B, 55, 18, 89, 50, 14, 8B, 55, 1C, 89, 50, 18, 8B, 55, 20, 89, 50, 1C, 8B, 55, 24, 89, 50, 20, 8B, 55, 28, 89, 48, 48, 89, 48, 44, 89, 48, 4C, B9, FF, FF, 00, 00, 89, 70, 08, 89, 10, 66, C7, 80, B2, 00, 00, 00, 0F, 00...

Entropy:
7.9584

Developed / compiled with:
Microsoft Windows Update CAB SFX module

Code size:
21.5 KB (22,016 bytes)

The file windowsxp-kb822603-x86-plk.exe has been seen being distributed by the following 4 URLs.

http://s6823.chomikuj.pl/File.aspx?e=nGyjwXxxIMi50eVxzP7NDY6q5qFEi8yYOSk8Pw0AWmOv3PKpR-sRC6IOpZjGvAz2fPmHK4mAObdpWbuaRZUspGukAiBZnsgaUswyv1v7lMl6D-LAZ9HzngcC3OUv87IZYYsFOgZgiafyF4JO11OR7iOc9GPhv9gJ-GxshwnI11yzMtuJpP72mjKiKIcsLWls&pv=2

http://download.microsoft.com/download/e/3/4/.../WindowsXP-KB822603-x86-PLK.exe