21164803_stp.exe

Setup Factory 7.0 Runtime

The program is a setup application built with the Setup Factory installer. The file has been seen downloaded from www.towerbitscenter.com and multiple other hosts.

Product:
Setup Factory 7.0 Runtime

Description:
Setup Application

Version:
7.0.1.0

MD5:
8ba5a05ce1d467d4a58d319c863877cf

SHA-1:
73c4227ee4ae46410916c488d1e2859f63df47b9

SHA-256:
311469a1755fc2bf87956df15f3c8b8f4759a7409efcab8078bb7a0e3eab696e

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/25/2024 3:59:03 PM UTC

Scan engine:
McAfee

Detection:
Artemis!8BA5A05CE1D4

Engine version:
5600.7121

File size:
14.4 MB (15,067,442 bytes)

Product version:
7.0.1.0

Copyright:
Setup Engine Copyright © 2004 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf70_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\21164803_stp.exe

File PE Metadata

Compilation timestamp:
10/13/2004 12:10:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:YKeTIy+BouA/jLlmNbuKKbYppppppppppmadPzcQokavLRRGbWWsXTPHQT6Gu35c:YKjyUBglm4vCFzcjRTIlsMf2L1xqFB

Entry address:
0x1D9D

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 61, 40, 00, 68, CC, 30, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 78, 60, 40, 00, 33, D2, 8A, D4, 89, 15, 2C, 9C, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 28, 9C, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 24, 9C, 40, 00, C1, E8, 10, A3, 20, 9C, 40, 00, 6A, 01, E8, 07, 03, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 76, 1B, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

The file 21164803_stp.exe has been seen distributed from 43 URLs.
