x64.exe

Language Pack Installer

Microsoft Corporation

This is a setup and installation application. The file has been seen being downloaded from www.zezfile.com and multiple other hosts.

Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Language Pack Installer

Version:
6.1.7234.0 (winmain_wtr_w7lp(wmbla).090720-1345)

MD5:
fcf4a1a7eeb24ef9f63d9c1b9a62b652

SHA-1:
aaac936bd625c12b607dffea19fab8be9cfa28f6

SHA-256:
0dfaf67a5d03eab59eafe47c4509accc1d306f3dfe8f79a233fe301a80271a1c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/27/2024 11:05:26 AM UTC  (today)

File size:
50.1 MB (52,497,704 bytes)

Product version:
6.1.7234.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Windows6.1-KB972813-x64-ar-SA.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Digital Signature
Authority:
Microsoft Corporation

Valid from:
10/23/2008 1:41:38 AM

Valid to:
1/23/2010 1:51:38 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61044C4B000000000024

File PE Metadata
Compilation timestamp:
7/20/2009 11:46:25 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:TxuBUBJZS2tLYvrbWhSuHYCKOVJTK1vLV98nLSNhz:T8ePsA2fEiHODTK1vLzNz

Entry address:
0x1BE8

Entry point:
48, 83, EC, 28, E8, 7F, 02, 00, 00, 48, 83, C4, 28, E9, D2, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, F9, 14, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, FC, 02, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 44, F5, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 28, 48, 8B, 01, 81, 38, 63, 73, 6D, E0, 75, 2C, 83, 78, 18, 04, 75, 26, 8B, 40, 20, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19...
 

Entropy:
7.9920  (probably packed)

Code size:
6.5 KB (6,656 bytes)

The file x64.exe has been seen being distributed by the following 4 URLs.

http://www.zezfile.com/filezez.php

http://www.traidnt.net/vb/safety_link.php?url=http://download.windowsupdate.com/msdownload/update/software/updt/2009/.../windows6.1-kb972813-x64-ar-sa_aaac936bd625c12b607dffea19fab8be9cfa28f6.exe