» 36a54462_stp.exe
Overview
Analysis
File Details
Downloads (10)

36a54462_stp.exe

QUICK IDEAS, S.L.

The application 36a54462_stp.exe by QUICK IDEAS, S.L has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from www.giftvaultnow.com and multiple other hosts.

File name:

36a54462_stp.exe

Publisher:

QUICK IDEAS, S.L. (signed and verified)

MD5:

b9d0ba8cbc38e7f5efa894d074ec233f

SHA-1:

02460c440642208c0250b884644189938ae2afc3

SHA-256:

b091afd3271a12f51ad569e0bce2131e941a104870bd197f76a7b1f46056f692

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:

11/23/2024 7:03:14 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.DownLoader14.31152

9.0.1.015

Qihoo 360 Security

HEUR/QVM20.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Vittalia.QUICKIDEAS.Installer (M)

16.2.1.17

File size:

83.8 KB (85,784 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\36a54462_stp.exe

Digital Signature

Signed by:

QUICK IDEAS, S.L.

Authority:

GoDaddy.com, Inc.

Valid from:

11/20/2014 12:21:14 PM

Valid to:

11/19/2015 5:50:57 PM

Subject:

CN="QUICK IDEAS, S.L.", O="QUICK IDEAS, S.L.", L=Madrid, S=Madrid, C=ES

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

045285563DEF81

File PE Metadata

Compilation timestamp:

1/5/2012 7:21:36 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

1536:Rl1u4wYQzaWUqRNIk6MbklLsv1Q79wotCJ+4Romu/FSmRqq2W:RlU4wBzaWRRu38YLsdQGlJ+45Q1

Entry address:

0x4131

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 43, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 44, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 44, 43, 00, 56, A3, F4, 27, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 28, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 44, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7... 
[+]

Code size:

33.5 KB (34,304 bytes)

The file 36a54462_stp.exe has been seen being distributed by the following 10 URLs.

http://www.giftvaultnow.com/d0KbNfv3 s4wLW79IbsSYr8MhrQUjo4lTYpxPj4gaz7nbH wAKPtvwDUzTFX ZK0Rx6duJREk7o8w7V5fo_F3trALkWQiwfwqA92Qyii_oxpckvlwSFZ9XnjRqhAYtJ7C4hyZtirUDNPGx5knjnwphBRnebCEXGiqQN8QxPvVKr9bw8KutyUTUNkT9TTscu1dkHmNOlE-Gz0AAES3eX7uu QvWdRTogbCRA4cWijhXQ8bY2eLEvnGN5hy3zxZbB98g 2sbOxGKugziBrGMIm

http://www.giftvaultnow.com/RIiPuiIpMMtj6q atCqQYqxCELV2E_Pb5QkaYJGcdEqk_vtqFBnYr0EGLwMzKBr0U_kaF03JzXYJLYMLQd2MzK8vFhvkDLBAjXG6HYvo5j5Y72QKxYEVNMMFCKtSlyxmXFHt0W6DcCOVyVUxVBQHmh9yq7vjMSUnndmcZR4mdXJUhaPuOv0=-Gz0AAES3eX7uu QvWdRTogbCRA4cWijhXQ8bY2eLEvnGN5hy3zxZbB98g 2sbOxGKugziBrGMIm

http://www.giftvaultnow.com/3Q6MS2OfqCzlbkfAnKGvikWczGr5Na0B9n0fHSnEk SBwnI4hmVs2VQ3_qokfci4 9OCE5Ia9nW1UgughT8L85g7UB1ZBYX6A5waK6U2mic4ZbCL Gm9cmILKMMeuALcApgktHTHuRzvNtg6xPUTWATQh_RT5glsFbiHAEyJN6beh_6tsR0=-Gz0AAES3eX7uu QvWdRTogbCRA4cWijhXQ8bY2eLEvnGN5hy3zxZbB98g 2sbOxGKugziBrGMIm

http://www.giftvaultnow.com/MrbGl6EuiFt_m56ppytoMXdrF9Fv0jyPW_AUHeKRhdAt4RtU3E nFbw6CDtkuwDRHFvs3xt_LYqokH6UFFEHCnS42ZP8UU_vXN pXRc4fsKOjglWUeT2DsqsmgfWebNn3C4K6sEHMr_enzhlnpF sa3cynDCeZ2YDp070PKnjPBn3zKH0nZwhTeK474VdfnYLmS1jtv7hk7dojqRktkTA7luoWfqLdOP0_kRn81Nakv2kWkcQbCqL02Hm5OufLdWjQoJPvp0QFgT5Gzb8YdMBhN1REYJt1ZE1OLVUtcBAPZbLKbyqDQ=-Gz0AAES3eX7uu QvWdRTogbCRA4cWijhXQ8bY2eLEvnGN5hy3zxZbB98g 2sbOxGKugziBrGMIm

http://www.deliverycenterworld.com/WVl6OTRQVkkzZGlVeVFtcFBhMFZQTW5JeVJsbHVkWFJZYzBwRFpHTlVRVkJGVTJGUE1UWndZV2c0ZUhWQ00wTlBTU1V6UkNaalBYVllVMGR0TVNVeVJtbHVPWFJWUkdSUE1VOXFkblZuY25KRVR5VXlRbTAyVFZSbFoyaHdaVU0zWTBOMVpUaDRVVFZsVFhWdEpUSkNUbXQ1T1ZKWWFIRkRjMGNsTWtKNGJpVXlRalo1WVhoRVlpVXlSbGxQZUZKQk5uUnhkVWh0TlRoeGVWY3hWSFpTWkdwM2NIcG1XR3BwUzFCRlVWWlJSVEZrUzJFbE1rWkJkVlZwTjBOME5HVXhiMkpQTUd3NFRuTTBZMEpoUW5saFRTVXlRbmh4VkRGeFRFNUZNRkVsTTBRbE0wUW1aVDB4Sm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHY21WekxtVnRhV3h1TG1OdmJTVXlSbU5oWTJobEpUSkdkWEJqYUNVeVJtMXBibVZqY21GbWRDVXlSbFZ3WkdGMFpVTm9aV05yWlhJdVpYaGw=

http://www.packageconecptbulk.com/c?x=DiOvkaNTifSTVZERWouv8FdZ 25MNCjs7QkBdbresa4=&c=tu58SyacaqZFy2533QnuSbR7QX0HZAHix Z6hdXn6ZYl0NrPcY3IFRjxwdQ/4 T64LmQ57YgI2bUSGiH8j94frp8PcCc7eyLMwKeoOGlx7owYMAMItz8igqAaSHSNeXB zzxXRjGaGcrflXVwMkUAoJbG M3fB0DmlOXZ6ZYbEI=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe

http://www.universesendcity.com/c?x=DuQi4ZcvCoJhiIo/OgEmIAZuiuww6C06gp2LurFVve0=&c=L6LzzMPrbPm9BCfwbLR/NMptligjCqB8U3lpVjk/P0 BUDEvYgkRF7DJJICrp13BO4YBAK3vHLBYn7AnyXGy7B14SoVmyaBBpmAKV9v/r46yLszu yY7W75RdvZ/FkMLIKfHBfw7Yw9TgXOV3dDCx3qHrn XMQiWiuNe6KSl3Po=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe

http://www.guardappsconcepts.com/c?x=mS9aq9EDKsrajLsBUJS5smMT0P69Rbe 1RlTFLnK3qw=&c=45h3ZngLRunfDMbfA1s5OHUEsmoL9/U ebDDwX 9lZ3jpsT7C9OqBf8TI70gLKFh7WZ1exJHDyFH6ndLaCvvlEPw7x HnsIRCMIglpmONdR37yd65J UJ1Gl gI9fGqZaIKhZ18myDSEP0SztzMoaDqA0P4sN4rqAcntxmHwMmo=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe

http://www.laboratoryvaultsfun.com/c?x=55YBLq1BMMyCuC0VCKb3HqW/JJVvZ5nk6d6ApXkM10E=&c=FYG8UWW1iaqO7dLnHWrmoXvzIV7Q9EYOs3FnbrKQMxFQ/IY h7XPeT3TllDmlinqqHNS1x6WvWXfrf9TokHUOBzahBVrxbx318fr2KdZ4PAdhdhClfK1BK4QPVG2PkM8nbnAOLD4fL5MGOjo5rQIbjv/ZwKVbKK5wpDwbEwizoA=&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe

http://www.bundlessignscurrent.com/c?x=BbR E8lSuKDbwphqkB9boQ fQbn5q0wwzQQY/xFvztQ=&c=kaXmF40 h9B2AIWzutObCE3532KxOZnvJt3JN3yE OaR5fXtj99GGXdQWSKTCZOAlcnJl2c53gshcX2kuJBHarE4IMeeN0hsXdetw149TgzEb90EorooSZj6gNEyn7ZiVnM0xdAZsIRTUruygONjaHxj7/65oiK8lpXASMUiWU2mmyzCeMlp7kBYzqzeDMA5&e=1&fallback_url=http://res.nobistex.com/cache/upch/.../UpdateChecker.exe

Remove 36a54462_stp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.