home

x14-63452.exe

Microsoft Windows Marketplace

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from www.raymond.cc and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows Marketplace

Description:
Windows Vista Preparation

Version:
3.0709.1505.0

MD5:
0c5fb9a928decdb1356b0391c263efe5

SHA-1:
3b1a5e4b44ca2c15c327cd3dfb028833e0036fa8

SHA-256:
f8999a5cc3df95e27cee458b0a03e1915ede4a6970f8fde75e138756993389ae

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/27/2024 1:48:41 AM UTC  (today)

File size:
81.2 MB (85,177,872 bytes)

Product version:
3.0709.1505.0

Copyright:
© Microsoft Corporation. All rights reserved.

Trademarks:
Microsoft® is a registered trademark of Microsoft Corporation.

Original file name:
VistaSetupPrep.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\x14-63452.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
8/23/2007 2:23:13 AM

Valid to:
2/23/2009 1:33:13 AM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
610F784D000000000003

File PE Metadata
Compilation timestamp:
3/6/2008 2:32:06 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1572864:0tg5gpEMypNNGCQRzoPXCK2srf9cyUehCi9EaIi/Nr82aehb3oBB2uM41UTnDumV:0yltpvG7zoHrf+6hCiOaIL21hbsBdMAg

Entry address:
0x2ECF

Entry point:
E8, 18, 03, 00, 00, E9, 2B, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 00, 70, 00, 01, 75, 02, F3, C3, E9, 98, 03, 00, 00, CC, CC, CC, CC, CC, FF, 25, 78, 11, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 74, 11, 00, 01, CC, CC, CC, CC, CC, 6A, 14, 68, 30, 58, 00, 01, E8, 1B, 02, 00, 00, FF, 35, 10, 79, 00, 01, 8B, 35, 20, 11, 00, 01, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 24, 11, 00, 01, 59, EB, 61, 6A, 08, E8, 67, 04, 00, 00, 59, 83, 65, FC, 00, FF, 35, 10, 79, 00, 01, FF, D6, 89, 45, E4...
 
[+]

Code size:
21 KB (21,504 bytes)

The file x14-63452.exe has been seen being distributed by the following 2 URLs.

https://www.raymond.cc/blog/wp-content/plugins/.../download.php?id=2960

http://msft-dnl.digitalrivercontent.net/msoffice/pub/.../X14-63452.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.