20680467_stp.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

MD5:
03604c1917a82ebf93e4344aaf4d2a43

SHA-1:
2f461ee8a09710cdaf8c4d0fb60b6b80ccc8798e

SHA-256:
0917e75b4903f47899b4b73607119af3950331bd5056f4be5894dbe1f08ab2cf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 12:53:47 AM UTC

File size:
4 MB (4,232,888 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\20680467_stp.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:soTwH030WGU7etrvPHDkUIyqtUnsDkVkSeo3FeVEyfoP0ur:sSw/htQUktBDkVkSezEyfJY

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 20680467_stp.exe has been seen being distributed by the following 33 URLs.

