xp-vista.exe

WinAce Self-Extractor

e-merge GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from www.box.com and multiple other hosts.
Publisher:
e-merge GmbH

Product:
WinAce Self-Extractor

Version:
2.5.0.0

MD5:
cfef1659996417714b3b80db96bf29cc

SHA-1:
d5fb4e796c0692dcc87eb2cc041b87860c1b1107

SHA-256:
2b05678493cee8e741db180cddc362ba1dd852c11b2f8ec7fc58b88084098843

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/30/2024 3:31:43 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.CDB
1.3.0.4959

Vba32 AntiVirus
TrojanSpy.GhostKeyLogger
3.12.26.3

ViRobot
Backdoor.Win32.A.BO2K.97544
2011.4.7.4223

File size:
2.4 MB (2,488,625 bytes)

Product version:
2.5.0.0

Copyright:
1997-2003 Marcel Lemke & e-merge GmbH

Trademarks:
1997-2003 Marcel Lemke & e-merge GmbH

Original file name:
win32sfx.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\xp-vista.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:2crg1afnIx81h363qou0bg14FRLNewmfgmGzcRcQqKN/1D9YPh05PrwXn3KlO82:wkBf+qFOFmQQqKX9YVHKlv2

Entry address:
0x4C042

Entry point:
B8, 00, C0, 44, 00, 68, E4, 32, 41, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 68, 00, 00, 40, 00, 8B, 3C, 24, 8B, 30, 66, 81, C7, 80, 07, 8D, 74, 06, 08, 89, 38, 8B, 5E, 10, 50, 56, 6A, 02, 68, 80, 08, 00, 00, 57, 6A, 19, 6A, 06, 56, 6A, 04, 68, 80, 08, 00, 00, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 68, 81, C6, E6, 00, 00, 00, F3, A5, FF, D3, 58, 8D, 90, B8, 01, 00, 00, 8B, 0A, 0F, BA, F1, 1F, 73, 16, 8B, 04, 24, FD, 8B, F0, 8B, F8, 03, 72, 04, 03, 7A, 08, F3...
 
[+]

Entropy:
7.9982

Packer / compiler:
Petite 2.2

Code size:
65.5 KB (67,072 bytes)

The file xp-vista.exe has been seen being distributed by the following 5 URLs.

Scan xp-vista.exe - Powered by Reason Core Security