12107457_stp.exe

Microsoft Corporation

The program is a setup application that uses the WinZip SFX installer. The file has been observed being downloaded from www.ranchsendgift.com and multiple other hosts.

Publisher:
Microsoft Corporation  (signed and verified)

MD5:
c075b2fdeddf01654f94ddfaf3cf3e2b

SHA-1:
ff715d164527b5296dd742625fa6c0c9648f7cee

SHA-256:
94074277b34d9113c0112de6c616b8b34ef3e5dfe4576b386a1c002c7e6d0d64

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/15/2024 3:25:10 PM UTC  (today)

File size:
15.9 MB (16,693,568 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\12107457_stp.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
7/13/2009 8:00:18 PM

Valid to:
10/13/2010 8:10:18 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6105F71E000000000032

File PE Metadata
Compilation timestamp:
1/9/2001 12:08:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
393216:cMOkgi6Wzyug5d031jK3UpAjUy3REFJkVeJxU:9gwpgM3VCUuQJkVeJxU

Entry address:
0x39D8

Entry point:
53, FF, 15, 50, 60, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 54, 60, 40, 00, 50, E8, 07, F8, FF, FF, 50, FF, 15, 58, 60, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 28, 84, 40, 00, 83, 0D, A0, 82, 40, 00, FF, 56, 33, F6, 39, 35, F8, 7D, 40, 00, 89, 35, D4, 83, 40, 00, 89, 35, 24, 84, 40, 00, A3, C4, 86, 40, 00, 75, 05, E8, 67, D8, FF, FF...
 
Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
18.5 KB (18,944 bytes)

The file 12107457_stp.exe has been discovered within the following program.

LogMeIn Hamachi  by LogMeIn, Inc.
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.
secure.logmein.com/products/hamachi/download.aspx
About 7% of users remove it
 
The file 12107457_stp.exe has been seen being distributed by the following 4 URLs.

http://www.ranchsendgift.com/GzIAOVcB2us_F AD4oQCC5WPeq41bO_sRx fXfn2DYhQ _rkoFg f0z oq_MD4Nm5Ti8B3LQM5omPi8Qb3MJLf0_Y1eDgBMGpa4NN3K7j6mr_U9DDxq58qEdYxHYw3sddBIR8tYxTTFeE_4_BJXIOS5xF296IXWxvD6obMFWq iCIQL1uHHUHxKD tR6BSm09ekR2MeFEeP9BPyR10oouzFiZteXPJlvsE_Ud5WTIbLlG7fRS6s=-G0AAAMTaOU7v hgmJZNShunpB4Uvk8BEDhxaJAHpxd7a5oG8cWLb0eGySm5IDcsGkv2YA2KFmHpiDtSv_LmmHKdPAQ==

http://api.viglink.com/api/click?format=go&jsonp=vglnk_146124979830314&key=34247986f943e1111106e2bd638e0268&libId=inae6nr301011025000DAfb2xblw2&loc=http://clankymera.forumeiros.com/t11-patches-for-age-of-empires&v=1&exp=-100:CILITE:166&type=U&out=http://aom.zone.com/MGS/ES/loc/patch114/.../aoe3-114-brazilian.exe&ref=https://www.google.com.br/&title=Patches for Age of Empires&txt=http://aom.zone.com/MGS/ES/loc/patch114/.../aoe3-114-brazilian.exe