52aa3a70_stp.exe

AppWork GmbH

The application 52aa3a70_stp.exe by AppWork GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
AppWork GmbH  (signed and verified)

MD5:
3fc39ac102d3418f2b9d5244860fe6e3

SHA-1:
583b782339cd53f22a20b9e66f27fcd7ef69bd83

SHA-256:
e683179205dfbbe1092d5ae40e416f5e945167858f8b6b7c42c8f70a2869b1d6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 12:08:49 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.29.3

File size:
33.8 MB (35,441,792 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\52aa3a70_stp.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/31/2014 3:51:29 PM

Valid to:
4/1/2015 4:00:41 PM

Subject:
E=e-mail@appwork.org, CN=AppWork GmbH, O=AppWork GmbH, L=Fuerth, S=Bayern, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218C489DBD3BC8AF35CDB519BA450DC59A

File PE Metadata
Compilation timestamp:
3/19/2014 12:49:28 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:/YQ3VzphfEm9EgCCAKgJFFwv0lzsvbKQnltCwaHgJ+uk9q:9lgDgJA3/wLllK0+vq

Entry address:
0x1F97C

Entry point:
0F, 8F, 15, 01, 00, 00, E8, FD, 9C, FF, FF, 4C, 63, 65, 10, 44, 8B, 75, 0C, 4C, 03, E0, 45, 3B, F7, 0F, 8E, E4, 00, 00, 00, E8, FC, 9C, FF, FF, 48, 8B, 4F, 30, 48, 63, 51, 0C, 48, 8D, 44, 10, 04, 48, 89, 44, 24, 70, E8, E5, 9C, FF, FF, 48, 8B, 4F, 30, 48, 63, 51, 0C, 44, 8B, 3C, 10, EB, 34, E8, D2, 9C, FF, FF, 48, 8B, 4C, 24, 70, 4C, 8B, 47, 30, 48, 63, 09, 48, 03, C1, 49, 8B, CC, 48, 8B, D0, 48, 89, 84, 24, 80, 00, 00, 00, E8, 24, F0, FF, FF, 85, C0, 75, 1A, 41, FF, CF, 48, 83, 44, 24, 70, 04, 45, 85, FF...
 

Entropy:
7.9946  (probably packed)

Code size:
206.5 KB (211,456 bytes)
