home

241d4bf8_stp.exe

KB Piano

Gabriel Fernandez

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.towerbitscenter.com and multiple other hosts.
Publisher:
Gabriel Fernandez  (signed and verified)

Product:
KB Piano

Description:
KB Piano Setup

MD5:
d0eaf5904fefdaaa9c6fed8650e412ac

SHA-1:
04ec63fb5096124475f7d15fb457545df78c1d08

SHA-256:
f7a7efc43a9c648d536ef930c851f8881dd3f60fdcff6066bbb42025133f4a5e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 8:57:15 AM UTC  (today)

File size:
10.3 MB (10,821,888 bytes)

Copyright:
G.F. Software 2008

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\241d4bf8_stp.exe

Digital Signature
Signed by:
Gabriel Fernandez

Authority:
COMODO CA Limited

Valid from:
7/8/2016 3:00:00 AM

Valid to:
7/9/2018 2:59:59 AM

Subject:
CN=Gabriel Fernandez, O=Gabriel Fernandez, STREET=Rosario 2832, L=Fernando de la Mora, S=Central, PostalCode=2300, C=PY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
386314686BDAE0BDFFCA7C0F1E5D18EC

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:9EQAhfHZTNEBnFpD1cgkzHaZPwREyjZoJP8DRGkmcnUbxZprv:tAhP5uBn3mFbgPwRKPDcnixZ1v

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
[+]

Entropy:
7.9997

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 241d4bf8_stp.exe has been seen being distributed by the following 8 URLs.

http://www.towerbitscenter.com/2R5KH38W_grgBUOFKwSZ1cd4eQWhsmRDOhwaFXLLjJkIU6Gk_3BEjcTWnttTkHQv0UvqDJWM4gJOQ3ej1ovpl_CDjr6Z6_lNIrUZNag21Y5zqkREaGO2k YKjFSRATylVyMv Y_araUGnMvJCiSCY1OYo0iRgu9ZNJ6SGAZMBUT01h5TVDsuxTf7A_I56VXzbXMhhiNm2vrrJk7U8Y2EVAm i0CZPQ==-GywAAERveH6cNzWSQnGAiRyw1wI9KLytjQN1Y LPDdRIycOpE1K9R3gA

http://kb-piano.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPxJrO1TsV2ZQoV4i4Pnuvz5BfvcJF5YcB ioRo OYiFc/ESw /.../Qj60M1pvGulZCqlETf1CAy YP45sgFfIYlhfHoWKbMhJwRtS01hY=

http://ultradownloads.com.br/.../2,219842.html

http://www.programosy.pl/.../pobierz,kb-piano,2.html

http://kb-piano.software.informer.com/.../

http://www.capitalheartlaboratory.com/jRoI7r9TV2okYqjOwxxJ9jOSNjDWSskFVXAVELbOWuFhp_JUbEmYkVKQ8WUHnGeVUR6cqTL9Dd69UGAAA0xLhbYyATzlBbiCG8avb_Ssz00UnTHA6dR pb YZBrw2_HTfEE1YFLX3CMDQ7KYZ_TPNzsONHhJuK0NyFy_H4Q6iWCP88Bbz7repI2ZB7xWTWFLQiWt0ALOEoU2fyufwlJ1gcC2HNVYbuPdyK50u15ZkXg04Y3PrbvC_xJCTUr_DeLw0X YfXKMe p9cvxTf6uh JRhbjcW_OA2M JAn3g4asHh2wc47BdxL2zZCIZdSa7VUlwCgMxQOan94hMkT4FcpzPmzn8ArZon_QU_Rhbw17m9 vl6JSV7eIUwhdju48JGGuYBLgq_fgUXySWQbUjKRPrs0dIbO2YGw2GtK_NdE LxoLtYHCk=-GywAAERveH6cNzWSQnGAiRyw1wI9KLytjQN1Y LPDdRIycOpE1K9R3gA-e

http://www.gfsoftware-downloads.com/.../kbpianost.exe

http://www.gfsoftware.com/.../kbpianost.exe

Scan 241d4bf8_stp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.