winpcap_4_0_2.exe

WinPcap 4.0.2

CACE TECHNOLOGIES, LLC

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.ranchmetabits.com and multiple other hosts.
Publisher:
CACE Technologies  (signed by CACE TECHNOLOGIES, LLC)

Product:
WinPcap 4.0.2

Description:
WinPcap 4.0.2 installer

Version:
4.0.0.1040

MD5:
2b8f5a693275102ae1d48fc138685c80

SHA-1:
d91b76628757c5d2f5cbb3963dc0d8d8e9d816a5

SHA-256:
a100dc629f64e4f6901fe0e2882431988f2d45b8b8522be992c88c52f78db198

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive: a single generic heuristic detection from one of 68 engines on a file that carries a CACE Technologies code signature. The file is probably clean.

Analysis date:
11/15/2024 2:52:07 AM UTC

Scan engine             Detection                 Engine version
Emsisoft Anti-Malware   Trojan.Generic.9098914    8.13.12.22.03

File size:
537.7 KB (550,560 bytes)

Copyright:
© 2005 - 2007 CACE Technologies

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\common\eap\winpcap_4_0_2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2007 1:00:00 AM

Valid to:
5/19/2008 12:59:59 AM

Subject:
CN="CACE TECHNOLOGIES, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="CACE TECHNOLOGIES, LLC", L=Davis, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1AABA1ED0C8F63F3BF2BE0D4C050A208

File PE Metadata
Compilation timestamp:
4/7/2006 6:59:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:UZCcXWfBaK+c7xEjQRPKyTxp3CMGbd/lmT+iOX8mA63Zp0vQR7q7VCeaE:UZCkAF+cW017yM2dlo+d8mb70v2+7VCW

Entry address:
0x3166

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 40, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, D0, F0, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 60, 98, 42, 00, FF, 15, 58, 71, 40, 00, 68, 30, 92, 40, 00, 68, 20, E8, 42, 00, E8, 14, 28, 00, 00, BB, 00, 64, 43, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 28, 92, 40, 00, 53, E8, FF...

Entropy:
7.9595

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
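The "File PE Metadata" fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size, entropy) and the three digests can all be reproduced from a local copy of the file. The script below is an added example in Python; it is not code from this page or from the scanner. It reads the PE headers directly at the offsets the PE/COFF layout defines (so it needs no third-party module), reports whether the Security data directory that holds an Authenticode signature is populated, and computes Shannon entropy. The `build_sample_pe` helper and its `payload` bytes are constructed here so the parser can be exercised offline; it is a non-functional stub image carrying this page's header values, and its timestamp is the page's compile time read as UTC, which is an assumption. Two caveats for reading the results: a populated security directory only means a signature blob is embedded, and whether it verifies and chains to the CACE Technologies certificate listed above is a separate check (`signtool verify /pa` or PowerShell `Get-AuthenticodeSignature`); and entropy near 8 is expected for an NSIS installer because the compressed payload dominates the file, so the 7.9595 above is not by itself a packing or malware signal. The compile timestamp (2006) also predates the certificate's validity window (2007), which is consistent with the NSIS stub having been built when NSIS was released rather than when this package was assembled.

```python
"""Extract the PE header fields a file-reputation page lists, plus hashes and entropy.

Added example, not the scanner's code. Offsets follow the PE/COFF specification.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # slot that points at the Authenticode blob
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0 .. 8.0; compressed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """The three digests a reputation page lists, so a local copy can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe_metadata(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers of a PE32/PE32+ image from raw bytes."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        coff = pe + 4
        machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20                                               # optional header start
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):                              # PE32 / PE32+
            raise ValueError("unknown optional header magic 0x%x" % magic)
        lnk_major, lnk_minor = struct.unpack_from("<BB", data, opt + 2)
        size_of_code, = struct.unpack_from("<I", data, opt + 4)
        entry_rva, = struct.unpack_from("<I", data, opt + 16)
        os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
        subsystem, = struct.unpack_from("<H", data, opt + 68)
        # NumberOfRvaAndSizes sits at +92 (PE32) or +108 (PE32+); directories follow it.
        dir_count_off = opt + (92 if magic == 0x10B else 108)
        n_dirs, = struct.unpack_from("<I", data, dir_count_off)
        sec_off = sec_size = 0
        if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
            # For the security slot the first field is a file offset, not an RVA.
            sec_off, sec_size = struct.unpack_from(
                "<II", data, dir_count_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "machine": hex(machine),
        "sections": nsect,
        "compile_time_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "entry_point_rva": entry_rva,
        "size_of_code": size_of_code,
        "authenticode_present": sec_size > 0 and sec_off + sec_size <= len(data),
        "entropy": round(shannon_entropy(data), 4),
    }


def build_sample_pe(timestamp: int, signed: bool = True) -> bytes:
    """Constructed minimal PE32 stub (no real code) with this page's header values."""
    n_dirs = 16
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 96 + 8 * n_dirs, 0x0102)
    opt = bytearray(96 + 8 * n_dirs)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 23552)            # magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x3166)                          # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                           # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, n_dirs)
    header_len = 64 + 4 + 20 + len(opt)
    payload = bytes(range(256)) * 2        # constructed filler standing in for compressed NSIS data
    cert = b""
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType PKCS_SIGNED_DATA, body
        body = b"\x30\x82" + b"\x00" * 30   # constructed placeholder, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len + len(payload), len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload + cert


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(1144436382)
    for key, value in {**parse_pe_metadata(blob), **file_hashes(blob)}.items():
        print(f"{key:>20}: {value}")
```

Run it with the path to a downloaded winpcap_4_0_2.exe and compare the printed digests with the MD5/SHA-1/SHA-256 values above before trusting any other field; without an argument it parses the constructed stub.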

The file winpcap_4_0_2.exe has been discovered within the following programs.

Hammer Call Analyzer  by Empirix
About 1% of users remove it

HD CMS  by HD CMS
About 5% of users remove it

L0phtCrack 6  by L0pht Holdings, LLC
Publisher's description - “L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.”
www.l0phtcrack.com
About 3% of users remove it

NETGEAR XAV101v2 and XAV1501 Configuration Utility is the software package that includes the required drivers, configuration and management utilities to support this wireless adapter.
www.NETGEARInc..com
About 6% of users remove it

NETGEAR XAV101v2 Configuration Utility is the software package that includes the required drivers, configuration and management utilities to support this wireless adapter.
1% remove it

Publisher's description - “The award-winning NETGEAR XAVB101 Powerline AV Ethernet Adapter Kit includes everything you need to extend a network connection using the electrical wiring in your home.”
About 4% of users remove it

ProSafe Plus Utility  by NETGEAR Inc.
Publisher's description - “To take advantage of the enhanced features on ProSafe® Plus switches you can install and use the ProSafe® Plus Switch Utility. The utility is on the Resource CD shipped with ProSafe® Plus switches.”
www.NetGear.com
About 8% of users remove it

TubeMaster++ 2.6  by GgSofts
www.tubemaster.net
About 4% of users remove it

xmplayer  by DBstar
WWW.LEDALL.COM.
37% remove it
Powered by Should I Remove It?

The file winpcap_4_0_2.exe has been seen being distributed by 3 URLs; the one recorded here is:

http://www.ranchmetabits.com/ubZ_G8CURqFbIC6frzpjRN_AP0SO6HSMKTBhEHIVSk3OvsqEnQ3MV9EYkNANfjnwftKvNL54PqX8X_jWOpCw3zR65tv1y1HaOW3P2ZsrgMGHgcR2NmQJpx1ALacYWIchNDBD6bOCCWaU71uPNCrZ0ldfCbrQvYssrOUoo0oGv24VxyRI9doGPt1UiplQhalAikgSS9_48qcPoQaNFdwCfKR5yEiPTlLNqtNpQ1XWlH39kq81lJe8QoZaPiUcNA09zZKEugoyoyfLY6gGoEKGEPZx4sPSUC0QeQcjndzyxblf7S6gJlQlbIBQkDWDzB1lYaP5yacmvozTkfavlAizHBrivxE7ad9EEaaHujJCJTRjUOGodDfwTMQ3_8FgezjpEeoPAwZEREWuVy7FgbFix0ofLprmFwP7PGG6iIPBKL2K5LWuiJcVyL0aUS7WGQgklwP2QEIrXl_lV6AqJGIozJ2DrWrcmfZCqh4PNm1e2N3oi24S7YrPQUdJYb1W3HZ8Osd89A1njEL10g8mllJYbhv4BqCZgfSPSVGzKuVxgRMs0N2cSYd_G4e_0GaNioWOFRF5Ws54IKadlsqslUGqfp09vmauca4KlbVHV6ArVg=-G0cAAGRwXkyTWpQPwkQOnBIKiBL73sAGrqhx7Qm6uJqdWwHackktFyJcKUOF0hKlEzFkOA3VAijKDQZfXbu3O4x_BA==-e

Scan winpcap_4_0_2.exe - Powered by Reason Core Security