194862085_stp.exe

This is a setup program used to install the application. The file has been observed being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
7002e69de1c8761323034e2ed35eeabb

SHA-1:
282b2190fdc9d61d0f55ebba15a9715c2c8b12bc

SHA-256:
2cbf7ca631fa9873edaacfc0f05403861f6c62cd6cef2782c98e0b4460fce743

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 12:56:08 AM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.CDB | 1.3.0.4613
McAfee | Artemis!7002E69DE1C8 | 5600.7250
ViRobot | Backdoor.Win32.A.Ceckno.1703936 | 2011.4.7.4223

File size:
1.6 MB (1,703,936 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\194862085_stp.exe

File PE Metadata
Compilation timestamp:
11/21/2001 3:41:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:4M7Zg+rw5MzySgPDSae5D2C4lrXnF/WtO:4M7i+XzydPDS5Dr4lrV/

Entry address:
0x3930

Entry point:
53, FF, 15, 58, 60, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 5B, 74, 01, 40, 52, 50, 52, 52, FF, 15, 5C, 60, 40, 00, 50, E8, B2, F8, FF, FF, 50, FF, 15, 60, 60, 40, 00, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, A8, 86, 40, 00, 83, 0D, 20, 85, 40, 00, FF, 56, 33, F6, 39, 35, 64, 80, 40, 00, 89, 35, 54, 86, 40, 00, 89, 35, A4, 86, 40, 00, A3, 44, 89, 40, 00, 75, 05, E8, 0E, DA, FF, FF, 39...
 

Code size:
20 KB (20,480 bytes)

The file 194862085_stp.exe has been observed being distributed from the following 10 URLs.

http://dw.uptodown.com/dwn/h8T1W6gRdMIm5WXt_JmzfbM4R_1EfhthWydT33x4coeTCQF6GYJHSpm4-ZzGpgVTfRrblV8dk1ENKSZqK8DstxZ7GwmuEtFs8NUo1JY1n0xI-ZKck5WYSpuSkNcUm0R8/lu0xfkPwsj7C1EqQTJZ-zBE9H248NQcefZ2rJpOypT3QwaWwQ1CCHgNIxStuKBlgIAHbDwcpOAOqAbB3Wwbw_yAfNXFG0lIPSzVgwZVjTRvRxiqvOWOHgewupoN90LBX/yEh5fzXLt1iNXb9oH9IWQpn9F47IAGgAEk8Ddot4n4S3A3qTdzyjiBFirYT8gUbXjJuvwAQ3FNJO1Hve0wZ5DwItTyC55CQUlNPNQwige0-5M9msitWNgRNLIZW1IIRJ/.../

https://dw.uptodown.com/dwn/rspeZvdyUnw9TsjdRNFVh6OeNjnj29GkEg93f9fwL40nad3YPrj5i86zZyFsWWc78EFQWylCYuBD32Gub9Cd23JOXQurJIzU22J5yXsCA0_dP3TerHfbWHYOMGB1nBlu/Gz7SAuznvMbvDcNYABTBycKjW3jziPH5ZuOV-4SaJthiBi61jNJdZuj9UZ1jCtzNoSPFzbKgn011KoFKCxzyms1Bc0z8FODh0MqKl6wu3taD1XCo-fxwspts-JYcVRFJ/QoiXttoMFYvZk3a3Iw2LlYDTuylsoeXalwFXRG9bXKqh9HkrLzdlxJSHlxoWobO4g6jY29K7au4nwBaCqH_aMJ7E3y8-yRnzMHm5uMW3bc_hYr4kQxh8GyxDRr24EcAr/.../

http://dpcdn-s11q.pl/.../FreeChess(dobreprogramy.pl).exe
