WinPcap_4_1_3.exe

WinPcap 4.1.3

Riverbed Technology, Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.filepuma.com and multiple other hosts.
Publisher:
Riverbed Technology, Inc.  (signed and verified)

Product:
WinPcap 4.1.3

Description:
WinPcap 4.1.3 installer

Version:
4.1.0.2980

MD5:
a11a2f0cfe6d0b4c50945989db6360cd

SHA-1:
e2516fcd1573e70334c8f50bee5241cdfdf48a00

SHA-256:
fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 12:46:01 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
c:\users\test\appdata\local\temp\0a18bfb8b04901322446eadc09a02e356c18e8eb c:\users\test\appdata\loca
9.0.1.05190

File size:
893.7 KB (915,128 bytes)

Copyright:
© 2005 - 2013 Riverbed Technology, Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winpcap_4_1_3.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/25/2012 8:00:00 PM

Valid to:
10/27/2015 7:59:59 PM

Subject:
CN="Riverbed Technology, Inc.", OU=Product Marketing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Riverbed Technology, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1402AEEF0D31BE743E73F6A7A960C4F4

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9805

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file WinPcap_4_1_3.exe has been discovered within the following programs.

i-Messenger UC  by LGCNS
uc.gimsg.com
About 7% of users remove it
LILIN Navigator  by Merit LILIN
www.MeritLILIN.com
About 8% of users remove it
Orbit Downloader  by www.orbitdownloader.com
Orbit Downloader is a download manager for Windows that has the ability to grab and download embedded Flash Video files from sites like YouTube, Dailymotion, Metacafe, etc.
www.orbitdownloader.com
22% remove it
Orbit Downloader 4.1.0.0  by Novin Pendar Co. Ltd.
www.NPShop.Net
About 1% of users remove it
Overlook Fing  by Overlook
http:\\www.overlooksoft.com
About 2% of users remove it
ProSafe Plus Utility  by NETGEAR Inc.
Publisher's description - “To take advantage of the enhanced features on ProSafe® Plus switches you can install and use the ProSafe® Plus Switch Utility. The utility is on the Resource CD shipped with ProSafe® Plus switches.”
www.NetGear.com
About 8% of users remove it
www.whoisonmywifi.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file WinPcap_4_1_3.exe has been seen being distributed by the following 50 URLs.

http://www.filepuma.com/file/1487278370c6317/winpcap_4.1.3/.../0/

http://www.filepuma.com/file/1480751825c6317/winpcap_4.1.3/.../0/

http://lb.cdn.m6web.fr/d/c/a/9e07720620fe6fcc9072d9f1bd31ac7c/584e921b/soft/.../winpcap_4-1-3_en_70104.exe

http://www.filepuma.com/file/1485510795c6317/winpcap_4.1.3/.../0/

http://lb.cdn.m6web.fr/d/c/a/db2d07c19a1713faa05cc2f64a06c9d1/5832f707/soft/.../winpcap_4-1-3_en_70104.exe

http://www.filepuma.com/file/1477159108c6317/winpcap_4.1.3/.../0/

http://img.file-upload.cc:182/d/.../WinPcap_4_1_3.exe

http://lb.cdn.m6web.fr/d/c/a/13f66b64bb1e427a3c3560ecc77592ac/582c3b39/soft/.../winpcap_4-1-3_en_70104.exe

http://download1772.mediafire.com/hkj3kw8cgjdg/.../WinPcap_4_1_3.exe

http://indir.gezginler.net/i/18149/.../

https://ww.winpcap.org/install/.../WinPcap_4_1_3.exe

http://download1772.mediafire.com/39a9ryajt2ig/.../WinPcap_4_1_3.exe

https://dw.uptodown.com/dwn/HVs679Qhp2QWG0rpHBOxOO6UcUo7e7OJiSQRPnbCqAk_m5PQkK7_UJNin3fgaDWcyuyqPhlwuqJOl0_-hXZWVcuGjtn2KUti7RM7IdsAYO8ijOuU-AiDazoPi-ZN8out/NmlkYjO_YsuqPLQ6PLTsw6CCHcZMrMgp7r5ecnt0usQ7XE1-K121DbBaxNN_hsrtbxdIGAkMKpHYlReNpwULPLKlN9PEpNtmlVgsS9V5Iiv_aCYbJsyMyLggi7ZmH5ER/jxhYC1gWobvpt2ZTcFBFmZJ7-edF5CdktaesxjCkf7zloAkBJejnYRcmtA9WukCmQj1IV8gOmdTYkmDiNHPYqgjnAMYNC7RhrLnRYaT5OZ1dplDJeOSOg3c9bByXZQ47/.../

http://lb.cdn.m6web.fr/d/c/a/baa3194830959c6e4e10af3718c23c04/56eae8b7/soft/.../winpcap_4-1-3_en_70104.exe

http://lb.cdn.m6web.fr/d/c/a/7d7be8bf954161259b3d073f41074336/58013fc7/soft/.../winpcap_4-1-3_en_70104.exe

http://lb.cdn.m6web.fr/d/c/a/831d2a55e8d7454381cc8e8c449d6808/57a66af1/soft/.../winpcap_4-1-3_en_70104.exe

http://lb.cdn.m6web.fr/d/c/a/b27d8c46bcf2f42c7430d6ad6207506e/57f05a27/soft/.../winpcap_4-1-3_en_70104.exe

http://www.filepuma.com/file/1480439285c6317/winpcap_4.1.3/.../0/

http://www.filepuma.com/file/1478424006c6317/winpcap_4.1.3/.../0/

http://www.filepuma.com/file/1481544132c6317/winpcap_4.1.3/.../0/

http://www.filepuma.com/file/1477867821c6317/winpcap_4.1.3/.../0/

http://www.filepuma.com/file/1476475445c6317/winpcap_4.1.3/.../0/

http://www.filepuma.com/file/1481979787c6317/winpcap_4.1.3/.../0/

https://p-ams1.pcloud.com/.../WinPcap_4_1_3.exe

http://indir.gezginler.net/i/18149/.../

https://mega.nz/temporary/.../rBVzVCpC

http://www.filepuma.com/file/1477215297c6317/winpcap_4.1.3/.../0/

http://lb.cdn.m6web.fr/d/c/a/2eaeaab675779ad9a8b77b61b81bc901/58472d96/soft/.../winpcap_4-1-3_en_70104.exe

http://www.filepuma.com/file/1482202687c6317/winpcap_4.1.3/.../0/

https://dw.uptodown.com/dwn/6Et60FvFHaXASP5d9bnQmeK0sDJsnWsLZgNe-4qYBGaGX6Wahtnjmd8SGVGXhSptoMTfYcpUGbpfkHlQobWmBhiJ_9MKBue-QqRliV9J_EckXAuYl7kEtSHY0Il0DZi-/pZPf4C5Faj5ca13RV7mcMJg7RMFQJSRP1KVmQC6SXIQKzif0hdCCS72sZonkxLXrCk3scTmfwJVcHUzrZ7bCtTRWRwYPJzs7i_344RmcrCKuBQ_pQrV45s2upe_4Flfj/HKUavyK4ZI9hLIOpoWeurxlhSqos-Faqktk-XpiPOfL3Vg3GVPK1ui6q3lflL_rVevQoLAwz3UXAByQYRLS-CbC2Q16U1F2pGDNwfXuosCb8TzhYKF0BAt6HN3bDRCJE/.../

Latest 30 of 171 download URLs

Scan WinPcap_4_1_3.exe - Powered by Reason Core Security