home

winscope.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from mdiy.pl.
MD5:
6d02255c55c76adc4d0c4ca7ad27fa6b

SHA-1:
005bf59b24241e746100f34b08d3eb8778b4b989

SHA-256:
a51db81406c68fb6c2fa694ade697a541d10997d46dc5b4cb092ccc4b41c9761

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 8:05:40 PM UTC  (today)

File size:
92 KB (94,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winscope.exe

File PE Metadata
Compilation timestamp:
6/24/2055 1:14:50 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
1536:LOQRrlEMkYmyNXSV4+pXaWfgePcFLu5vHWGwv5v/Dy8GTsL3:FRZRiq+daWoePcFgHkt/2Vw

Entry address:
0x1000

Entry point:
A1, 5A, 10, 41, 00, C1, E0, 02, A3, 5E, 10, 41, 00, 57, 51, 33, C0, BF, A4, 34, 41, 00, B9, A0, 9B, 41, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 64, 67, 8B, 16, 04, 00, 89, 15, 6E, 10, 41, 00, 8B, 42, F8, A3, 66, 10, 41, 00, 8B, 42, FC, A3, 6A, 10, 41, 00, 83, EA, 04, 89, 15, 04, 99, 41, 00, 83, EA, 04, 3B, D4, 73, 02, 8B, E2, 6A, 00, E8, D3, A2, 00, 00, 59, 68, 2C, 10, 41, 00, 6A, 00, E8, EE, F0, 00, 00, A3, 62, 10, 41, 00, 6A, 00, E9, 60, EE, 00, 00, E9, 97, A3, 00, 00, 00, 00, 00, 55, 8B, EC, 83...
 
[+]

Code size:
61.5 KB (62,976 bytes)

The file winscope.exe has been seen being distributed by the following URL.

http://mdiy.pl/wp-content/uploads/2008/.../winscope.exe

Scan winscope.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.