47009502_stp.exe

Nero Self Extractor

Nero AG

This is a setup program which is used to install the application. This is installed with multiple programs including Nero 2014 and SyncUP. The file has been seen being downloaded from dc694.4shared.com and multiple other hosts.
Publisher:
Nero AG  (signed and verified)

Product:
Nero Self Extractor

Version:
12.0.3.0

MD5:
835b3be69e17bd76bb980a95b9701738

SHA-1:
931679d78e5199eb1706d2010be27959246bca61

SHA-256:
cabd1ee31706db562678eea9d0c0fc53bdd664e8786f8ff6668853a85203377f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:09:45 PM UTC  (today)

File size:
185.2 MB (194,224,624 bytes)

Product version:
12.0.3.0

Copyright:
Copyright 2011 Nero AG and its licensors

Original file name:
NeroSFX.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\47009502_stp.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/21/2012 9:00:00 PM

Valid to:
6/21/2015 8:59:59 PM

Subject:
CN=Nero AG, OU=LEGAL DEPARTMENT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Nero AG, L=Karlsbad, S=Baden Wuerttemberg, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F5F2725B11E258A905707175244664A

File PE Metadata
Compilation timestamp:
5/15/2012 5:35:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3145728:M7gj6AF1bp4I/my9j0KjMnH2cTuq2BzkVPDtnxUd2jbEx7j8TKoHYuB+hTHz6NJS:M7g/NaIDXjiWbq2Bzk1D9qwbYoTxHYu4

Entry address:
0x121E37

Entry point:
E8, 6C, 9F, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 90, 15, 5B, 00, 75, 02, F3, C3, E9, F3, 9F, 00, 00, 8B, FF, 51, C7, 01, 2C, 13, 58, 00, E8, EB, A0, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CF, D1, F0, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 2A, A1, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 6A, 07, 33, C0, 59, 8D, 7D, E4, 89, 5D...
 
[+]

Code size:
1.3 MB (1,393,152 bytes)

The file 47009502_stp.exe has been discovered within the following programs.

Nero 2014  by Nero AG
Publisher's description - “Nero 2014 is the ultimate standard in multimedia software, allowing you to manage, create, convert, play, and burn your movies, music and photos for the best entertainment experience at home or on the go.”
www.nero.com/eng/products/nero/free-trial-download.php
9% remove it
SyncUP  by Nero AG
Publisher's description - “SyncUP powered by Nero is the easy way to keep the smartphones, tablets and computers in your network in sync. Sync your photos, music, videos, and documents across the devices on your home network, so you have the content you want2 on the device you want.”
www.nero.com
19% remove it
 
Powered by Should I Remove It?

The file 47009502_stp.exe has been seen being distributed by the following 14 URLs.

http://dc694.4shared.com/download/.../Nero_KwikMedia-12500300_free.exe

http://d1.dl-softobase.com/NeroKwikMedia_Rus_Setup.exe

http://dl.cdn.chip.de/downloads/.../Nero_KwikMedia-12.5.00300_free.exe

Scan 47009502_stp.exe - Powered by Reason Core Security