3161466_stp.exe

InstallShield

InstallShield Software Corporation

The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
InstallShield Software Corporation

Product:
InstallShield (R)

Description:
InstallShield (R) Setup Launcher

Version:
7, 01, 100, 1248

MD5:
3564d144e1628316fd0785e0658b0533

SHA-1:
3694e2eb8d385127a8f52c20994d21c8b00b1da2

SHA-256:
eb2bd76578bd7fa70d178756b7431f0071aa35bdef15fbde5ef9d7d62c1dca5a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 5:57:11 AM UTC  (today)

File size:
6.1 MB (6,383,200 bytes)

Product version:
7, 01

Copyright:
Copyright (C) 1990-2002 InstallShield Software Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3161466_stp.exe

File PE Metadata
Compilation timestamp:
12/2/2002 4:31:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:fGh4PTVbW+ftkdQIVQzbMEDypHqYeBYVOrCEEUMatmoIS:fG+LVQ/QPMEDyHeBY0mEEUMatTIS

Entry address:
0xB1CC

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 44, 01, 41, 00, 8B, F0, 85, F6, 75, 08, 6A, FF, FF, 15, 40, 01, 41, 00, 8A, 06, 57, 8B, 3D, 08, 02, 41, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 3C, 01, 41, 00, F6, 45, E8, 01, 5F, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF...
 
[+]

Packer / compiler:
InstallShield Custom

Code size:
57.5 KB (58,880 bytes)

The file 3161466_stp.exe has been discovered within the following program.

Publisher's description - “PC Inspector Smart Recovery is a data-recovery program for Flash Card, Smart Media, Sony Memory Stick, IBM Micro Drive, Multimedia Card, and Secure Digital Card. The software will bring back deleted pictures from any digital camera media.”
8% remove it
 
Powered by Should I Remove It?

The file 3161466_stp.exe has been seen being distributed by the following 36 URLs.

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_br&type=PROGRAM&Expires=1471506910&Signature=gUpPXGdpVQBhaCarFFe577ckuAonUL-AXnHeZ~ce3h-AYLFalevSg6o~jWjPkgZ2NrUo89PFFMPUJQH3P6aL9Bo4pGyo2QGIPIYjXBFBNte2YV~MnwWwWI3NrNHr7H94liWR~YZxeg-RhUE6Paj7oVEoFBFfXqcVMb1cY9-aKQg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

https://pc-inspector-smart-recovery.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPNbFIbvPqwG59DNzhKGKPopOS/16MIOzRwqccoV7ljLgI/BBsL0geu/.../PbWiGzklyGAP0=

http://down01.wxsrv.com/descargando/024/2450/pc-inspector-smart-recovery/.../pc-inspector-smart-recovery.exe

http://www.ranchsendgift.com/0 7FzMV06Hk33oiDlDmYaOwecMZxW8Q0G_cd60xS1tuo_2R3ZzYkX_ajgKNxYFvo2RhO1nEFZCOs7fj4jdNTOl9_crY6iEu0GHYfF8sNS UoGqYJIaU53_0OGs4KZj563x4QgJpd1vXrzMDoKIwxycFR7QYe9LWidKbkJJ9E5Aueo8HMSkZGbPRQNlCPQ9QHa6Ccth6_rw 0SIgLgu2yCSsvubk7Qw==-GzYAAARqbrE9MRLwgkUZ6KawAQdOBTLgNpANG2PgWYKNeGNFVxlzdRJnlwZG_bbPm6J6XzwA

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_br&type=PROGRAM&Expires=1472804700&Signature=fAkYF2jRwnozO3QNXn92QMWRFf54irTYgmiYt51zyOGhg0-pMqgxKIGclCqVZRl~CBD04BxlF56P8SE3K2rja-udn7QMvJDIfyj4xgnKTeIwblWptu02Au-rMFDwDxy5P0kzWxVFCh2B48KRVZNZaUKbDq7BCg-hhorrmW8-jnQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_en&type=PROGRAM&Expires=1450235504&Signature=B-hQOskKf938Qx8bHXoNSJUCnuu8i59rv~tSt1nnUW7ssBDmH-R1eTLSr7W6uizMJ20uHyER1XZzhxGhxTW1MBw-M4lTi7Vy5sCKCAgs851d6B~kzVj5d3KZbVffUvzAN4~ItRmLGIzcU1H9-U-mi64ThXYXs3~b5NKXP3~e~AM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_en&type=PROGRAM&Expires=1439976054&Signature=SW0OlRt~eYYy~dpZUXBt8UlF1BFqG01~DsRM75giccy-wv0XDJz5cYCE1AaOQQV-C1M7O4HdzIctu2hqu5F20wRWKlxhqqF4fnxQeEGO1LuzuphVCf-rTTARD8KrnxpwcVA5s6xyjb26jbg8TZm2BR--~vMontwcMv4cVxAkink_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_br&type=PROGRAM&Expires=1479164371&Signature=SsDo7Q8UEOydwlbwoyqJ9cQq05ZUCR-PxYOQM7eclyqRxTw6w0~tvtH-L6o-OR5yPqgpYLPySP47PK8lu6BGFqsJy9p74qYheHF4POL9VsBtlyNtNVN1mHDU3fyN-VzNQR~gOcojixthlakLKuUO8HFyS~l3D3ek53DNMOmglc0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_pl&type=PROGRAM&Expires=1431337317&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=JnQUkqAFMlLuIji6OMfElPRf2nsREEAD21E3g39R9erzy3DwtSLEQg2N5l8PaJjTtUmoDL7C~jTZgA2F2WINpc0ZublCUShr6tWPoSmR0N6-Xmaq862v5OhMbYc-Wo9Fds~2S0WxDUNWDL6bQNpo5aqbVgLFC5J7VZdM2ql7ikc_&filename=pci_us_smartrecovery.exe

http://www.download.fi/.../download.cfm?version_id=1817&software_id=924&mirror_id=0&installer=0&perion=0&air_installer=0

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_en&type=PROGRAM&Expires=1477150524&Signature=DRkPMrVvHpX6lR8ojIIZYeBzu8DJPyTctHXj4gVfnmpPfm-WECFZzfsuPAkP4HKU5mETU-t63BrNhHTfUNETsNs0iwpr8lO23S2~4Eb8b4lYz8YrJuMQztM~N3iD7TSnMeUxBSthJ4w2MyzGRBwhxE9rHzB~biZ7t3xPBtblQrQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://www.izone.ru/.../go.php?action=download&id=3122&key=7249027

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_br&type=PROGRAM&Expires=1469499610&Signature=ivuzpTjEEhwmVbm7gHGvPIV1LJmUyfpxxaFlES2A9S~HlvbAb3qE~D6~JXpr8YO2evjZNJ-zmZtxzvkqgyaHOAYVk2j9i8xBmaO0LPcl-nRiAXmzrwWfqwKSn08CC2eYXp5xeZNeJz2XK541KaA97tuBjAdx2e5yPSFYh-0Gea0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://gsf-cf.softonic.com/369/4e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=28974&instance=softonic_br&type=PROGRAM&Expires=1478749929&Signature=WHpXlMtcM0WSSKzwXSNjq~~62GHHZlh7ybG0XHaeNy8iT1VDQt4QO6U3kODj3FKnVdVBG~waoX4UKfpj~4sBk5a7h66Hkk2TFAXizG7jimbk153-1vvqmfzgpZ-nhwqmgko9D3WuLFfqq8~Ihld3-QUDC~S~qldAjqCaSAGk1yA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pci_us_smartrecovery.exe

http://www.skidajmo.com/download.php?path=1230833353696

http://pc-inspector-smart-recovery.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPNbFIbvPqwG59DNzhKGKPopOS/16MIOzRwqccoV7ljLgI/BBsL0geu/.../PbWiGzklyGAP0=

C:\Users\att\Downloads\pci_us_smartrecovery (1).exe

Latest 30 of 36 download URLs

Scan 3161466_stp.exe - Powered by Reason Core Security