124664_stp.exe

JDownloader

AppWork GmbH

The application 124664_stp.exe by AppWork GmbH has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download2217.mediafire.com and multiple other hosts. While running, it connects to the Internet address static.17.63.9.176.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
AppWork GmbH  (signed and verified)

Product:
JDownloader

Version:
2.0

MD5:
bfc51b28404020e72ea7581084c352cd

SHA-1:
04a99697b27dcb1a386f307b4bb0a23a88745661

SHA-256:
5aa44c28b3745e439761b599eabfce41d034cd931114f46c116aaa8fae31e209

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:03:20 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.AppWorkGmbH.K | 14.7.28.0 |
| Trend Micro House Call | TROJ_GEN.F47V0128 | 7.2.47 |

File size:
30.9 MB (32,386,176 bytes)

Product version:
2.0

Copyright:
AppWork GmbH

Original file name:
JD2SilentSetup_x86.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\124664_stp.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/1/2011 4:00:48 PM

Valid to:
3/1/2014 4:00:41 PM

Subject:
E=e-mail@appwork.org, CN=AppWork GmbH, O=AppWork GmbH, L=Fürth, S=Bavaria, C=DE

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012E71E7355C

File PE Metadata
Compilation timestamp:
12/13/2013 5:31:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:0Yv6WgzOGSMvmR5KzqmdHZygGGmMneRxGLZVBEs:4zrmR5GdHZTGGmMeRxGNf

Entry address:
0x1AFA4

Entry point:
E8, 7F, AB, 00, 00, E9, 78, FE, FF, FF, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 94, E3, 44, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 18, 49, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 24, B1, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03...
 

Code size:
179 KB (183,296 bytes)

The file 124664_stp.exe has been seen being distributed by the following 50 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.139.123.201.138.clients.your-server.de  (138.201.123.139:80)

TCP (HTTP):
Connects to static.18.68.251.148.clients.your-server.de  (148.251.68.18:80)

TCP (HTTP):
Connects to cdn5.appwork.org  (46.4.126.3:80)

TCP (HTTP):
Connects to static.17.63.9.176.clients.your-server.de  (176.9.63.17:80)

TCP (HTTP):
Connects to mail.appwork.org  (176.9.43.113:80)

TCP (HTTP):
Connects to cdn8.appwork.org  (85.131.130.147:80)
