3fba9d96_stp.exe

Active Dancer

ActiveDancer.com

This is a self-extracting archive and installer. The file has been seen being downloaded from active-dancer.software.informer.com and multiple other hosts.

Publisher:
ActiveDancer.com

Product:
Active Dancer

Description:
Self-Extracting Package for Active Dancer Installer

Version:
6.0.0.2

MD5:
4d244031670fcca228f275c004c0a0a0

SHA-1:
49a0d17a9949f0b114b0d393597b62d39a8ca1f7

SHA-256:
249d16217cf250cfaf19398e330db150a0a64bb9e0641b7ee3edf03c00231460

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 2:35:11 AM UTC

File size:
687.7 KB (704,237 bytes)

Product version:
6.0.0.2

Copyright:
Copyright ActiveDancer.com

Trademarks:
ActiveDancer.com

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3fba9d96_stp.exe

File PE Metadata

Compilation timestamp:
3/18/2016 6:56:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
12288:WHjWtIEGynN/EP1bIbGKM5If5WAnoHwRqwI0rQ+D+vDiE2ucvfbD80ikjxTyY:5Gy2P1bIViq5dmwlrjy+E2uMf83o/

Entry address:
0xC210

Entry point:
55, 89, E5, 6A, FF, 68, A0, 3D, 41, 00, 68, F8, D7, 40, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 83, EC, 48, 53, 56, 57, 89, 65, E8, 68, 00, 00, 00, 02, E8, 1D, 2F, 00, 00, 59, A3, 78, 50, 41, 00, E8, 52, 19, 00, 00, 85, C0, 74, 2F, C7, 45, FC, 00, 00, 00, 00, E8, 72, 1B, 00, 00, E8, 2D, 1C, 00, 00, E8, 78, 1C, 00, 00, E8, 83, 20, 00, 00, E8, 1E, 21, 00, 00, BB, A8, 4D, 41, 00, 81, FB, A8, 4D, 41, 00, 73, 1C, EB, 0D, 6A, FE, E8, C8, 21, 00, 00, 59, E9, 91, 00, 00, 00, FF, 13...
 
Entropy:
7.6125

Code size:
71 KB (72,704 bytes)

The file 3fba9d96_stp.exe has been seen being distributed by the following 4 URLs.

http://active-dancer.software.informer.com/.../
