1736153_stp.exe

Undelete 360

Kirill Chermenin

The application 1736153_stp.exe, “Undelete 360 Setup ” by Kirill Chermenin has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
Publisher:
File Recovery Ltd.   (signed by Kirill Chermenin)

Product:
Undelete 360

Description:
Undelete 360 Setup

Version:
2.1.6.25

MD5:
779bf8d91313e7f3d97ae4e98b53135c

SHA-1:
a7ec1ce162147b894ac66e522c3f435f70f8104f

SHA-256:
20a44efca325dbc079f65a7e6b68d18fdc698b0eb6269da8d16e536900b672ed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 7:03:55 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.KirillChermenin.L
14.3.21.14

File size:
2.5 MB (2,572,304 bytes)

Product version:
2.1.6.25

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1736153_stp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/8/2013 10:00:00 PM

Valid to:
1/9/2016 9:59:59 PM

Subject:
CN=Kirill Chermenin, O=Kirill Chermenin, STREET=70 Let Oktyabrya 17-50, L=Krasnodar, S=Krasnodarsky kray, PostalCode=350089, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BADFCFEBF80484E1CF8E39A8B7F16D8A

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Xv5PMdCmcyL6A/kSD8NJJk5QlhM1wREVBuP6n7NhK6ikd7n0mF4aYrB68Q:f5UKyL6wRYdwoacQsP6nW617h+51VQ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 1736153_stp.exe has been seen being distributed by the following 50 URLs.

http://lb.cdn.m6web.fr/d/c/a/29f63a69ec3c7c0c63636fe80ae2792b/5810da85/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://lb.cdn.m6web.fr/d/c/a/6645e67bca3b204b71c7d6782ce9693e/58792161/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://lb.cdn.m6web.fr/d/c/a/6e5dac4f974c9722fd435dfc0c2fce0e/58721abe/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_it&type=PROGRAM&Expires=1485059169&Signature=OwgJi7HBX0kqstMNgZ-ZqRxyhcMIrG8hC07rIZPfEmRFoJz~bxBWnNy7PT8g9AXJwf7~fa29Sy6bMueIVUB3YJ0RAuooZvlmOzTxgubI3Mpq22Icxynw2395x8nYmJ4PTQUw5DO4N-Zc11m3l5dkJauBtOcGM9Da1ynef~LMjZk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://dl1.jetelecharge.com/up/iiKKSDnesZ/.../undelete-360-5766-jetelecharge.exe

http://lb.cdn.m6web.fr/d/c/a/fd29873cec7fcac40b140143b2bf2f46/569a6095/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://lb.cdn.m6web.fr/d/c/a/520eb9e56f7a83f8b43155e3c8507bd0/577dcf3d/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://lb.cdn.m6web.fr/d/c/a/ee363d1036060cee5da25ec29cbc2f26/544119ca/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://lb.cdn.m6web.fr/d/c/a/72da42925f6662669d03acbbd51adee6/582f5ff7/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_en&type=PROGRAM&Expires=1450204875&Signature=BYrlgW42fnTTrev8OE827H11SizInqi8FPS7XUywSEXNhwg~8OskHbZiST44qztBGujso3jC4MGYvFaCNVb~Cv7hOEsiGQwXag~4k4TgQTI88u-UurfmejsuY7N-xE7uu5Eh0nsvhl7OU~8gio5ryEwkTc79FFhCesVDqgqefiE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://global-shared-files-lw.softonic.com/a7e/c1c/.../undelete-360-setup.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_it&type=PROGRAM&Expires=1426571996&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Cs2e~vUqQUC-jyYTDYk0vWXC1dSwpMvkm8BYSC20BqbRN1ghtreVbIJiHURfCUcRrVL5LzOMxTSE0jGWnpVtEGZA6SREpWmGVz8pPefWqMl01day1aTBvc793pUW76z3EL7rnRn9IKH-xtGvUBWsJauq4kAvkVDjklut7L-HAIg_&filename=undelete-360-setup.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_it&type=PROGRAM&Expires=1441182929&Signature=B65Xum8cX7jgo5FRGl8pz7eqLktlbsDWVmb~-VmjqdDLEDy-NY95VIvY7llyPXhE6xx3zRDb-Uge1CB6ELe8AdTGpAyBMv0GezY7XFGFWiz5esGG~IUJlK9e1zxJ4J4~R3~3NF9bMPgYIu3WudEfICaam6z88ikItCYqHAnA0Gg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://lb.cdn.m6web.fr/d/c/a/1f40a0507d4e6c9676351450867e80ed/58028d78/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_br&type=PROGRAM&Expires=1473955322&Signature=L5j5c~SDZpCOxT-PF52LXfUvEuJ4T5xkz0~qltHBZWCmSQpVrKkzaDDuIPOJkpkiZPUQgOamC5cw44ZJtZTFdH4-lU-DCuvqM6-1m7YASsImZLeBuwGFj~A5OkczN-ZDDBne42boHgqCXRk~cslFVGAzqLMFLemC6LI0dnKx~c4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_en&type=PROGRAM&Expires=1478143405&Signature=dv1eLyYNmcwmRzTLIdLOa7V38uRo4VcT5TcDYjpgC4n8NYV3yPkl-UFdXoA7oTZcyW5q1MJkYOBUfQKh5OglTTq3ctPI9p01tQbgVCnsxArZtQ-WClTIYZb205PdqXyr6EZ0cO9~cGVJ5007mwqRvA831ZUB2C8wtHtsBeXVxO0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_br&type=PROGRAM&Expires=1479165590&Signature=Dry49oDLuojQX4lSpH80txM8W1qP4hMpw2as73y6jR8UZR8SUL9aGesNenxkyk3GSrNCSygFnJpPXmT1XNRDuLzSTUhB~GBoxR1haOq8auQOMd0vgfM8KsMA9BNPljsUe45qFs6g4PWRrnczj6OEcDgZ9~KJ7hqCaB8kcBTst9g_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://www.softsea.com/download.php?id=838250541

http://lb.cdn.m6web.fr/d/c/a/daf401e42e4b89902470f0362d594969/582adde4/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_fr&type=PROGRAM&Expires=1476172475&Signature=VvUegjRB5Dl8tBH9HCW9S0kgm0zSvHuWgDSsc0qMChFmAakCNY3i0BIIVpkEi7BY4SHqQ5yhjXbcyAr6UBjkVCnHmk9Ced3vqEDx9sAo9Vo11KKMmeqFfNqUimhLwBOjpMYXVZ4jw-6G8A6C6-gfHLaK2eE-~akakK5Rfs2GOpE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://undelete-360.softonic.it/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPNbFIbvPqwG59DNzhKGKPopOS/16MIOzRwqccoV7ljLtYd7khk2j0S5/.../xB80NKbfSX8P9601em06VZ5 jJuDeznwLVk=

http://dl1.jetelecharge.com/up/UfOtbUVKdg/.../undelete-360-5766-jetelecharge.exe

http://lb.cdn.m6web.fr/d/c/a/48a87e28ef3c697bcb71d79e8876796f/58023a44/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://low.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../undelete-360-setup.exe

http://lb.cdn.m6web.fr/d/c/a/71647c9025390d208cc2d372e85d2766/57f74e1d/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://undelete-360.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPNbFIbvPqwG59DNzhKGKPopOS/16MIOzRwqccoV7ljLtYd7khk2j0S5/.../xB80NKbfSX8P9601em06VZ5 jJuDeznwLVk=

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_fr&type=PROGRAM&Expires=1448708553&Signature=VCiW36s6NpOXYWH0RXSnltS7hv0UzEfRgdlOuOlLPDyFRqmAQ3JPMGl91D9XxHJiB90KkZdjk8KEZcVuR8fAEiZgShwDfp5xu6yzDFp9lfwPHmQy03qNC5On8KztNMsGR1smNxm6nHelUAANXQ7XSX09IIV2IsjdRvkOBZKACbE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://lb.cdn.m6web.fr/d/c/a/64fa2c3c22bac3729a6834b9638e933f/5401a3df/soft/.../undelete_360_undelete_360_2_16_fr_383074.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_fr&type=PROGRAM&Expires=1465098250&Signature=bjtNi~0Le3pjL0FYGDmkkGXVTW1-hD2TNQIf2C~miE3F2pi7uQEtf3zHa5DrhwjU2WU8y2AjCIbsBUiI0sFiLnVuennbwWwiDbbEed~XajnzzfNYXsnbJq5kukrwinDsyncoZKuCJ-xnZbJK93Ou4D~zkljm9Ada5EACJi6oKvU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

http://gsf-cf.softonic.com/a7e/c1c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=305169&instance=softonic_fr&type=PROGRAM&Expires=1455503622&Signature=VbylPYf4vfx4xWRFMQuswmp5FS0bZEVNWvu-2GdLJcHCVGI4iM1GDa7aNQBv9CoGwIRSQ8wl4eu8yj-yYuMxBiyT7sN~JVAicBS2u1b6vJtTciqlYtTondGq67U1~KYyj9T04NCO4Cx3kuSICHjF6kfLFqy5iPSep~853nfc9go_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=undelete-360-setup.exe

Latest 30 of 86 download URLs

Remove 1736153_stp.exe - Powered by Reason Core Security