3569046_stp.exe

Free File Viewer

Bitberry Software ApS

The application 3569046_stp.exe, “Free File Viewer for PDF, DOC, DOCX, RTF, XLS, etc.” by Bitberry Software ApS, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore monetization download manager to download additional third-party applications that may be unwanted by the user. The file has been seen being downloaded from www.filepuma.com and multiple other hosts.
Publisher:
Bitberry Software   (signed by Bitberry Software ApS)

Product:
Free File Viewer

Description:
Free File Viewer for PDF, DOC, DOCX, RTF, XLS, etc.

Version:
2014.2.16.0

MD5:
4c5797de356d3f743a19f66a843e5315

SHA-1:
2c64472ce377fb6c7e015f0844853bd896eac2ba

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 6:48:11 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/FileTypeAssistant (variant) | 8.10017
Reason Heuristics | PUP.Optional.BitberrySoftware.L | 14.6.29.19

File size:
17.9 MB (18,816,752 bytes)

Product version:
2014.2.16.0

Copyright:
Copyright © 2010-2013 Bitberry Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\3569046_stp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/20/2013 2:00:00 AM

Valid to:
11/19/2016 12:59:59 AM

Subject:
CN=Bitberry Software ApS, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bitberry Software ApS, L=Holbæk, S=Alberta, C=DK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
23118AB330BEB5704ADCCE30BBB04D23

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:/fi2RrhfuCsmz98dOh0d98SN6dEO0qEYa83ibYWJoh4YGV4vlCJ3M8BZuM18F+n:nBRJZzOd7NHdqLyUWi4cU3ZuM3n

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9999

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 3569046_stp.exe has been seen being distributed by the following 22 URLs.

