6_offer_7.exe

Free EPUB Reader

Media Freeware

The application 6_offer_7.exe, described as “This installer database contains the logic and data required to install Free EPUB Reader.”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dl.khophanmem.vn and multiple other hosts.
Publisher:
Media Freeware

Product:
Free EPUB Reader

Description:
This installer database contains the logic and data required to install Free EPUB Reader.

Version:
1.0.0

MD5:
d9db5e2fcde4cc6127088e936e5ec5eb

SHA-1:
4be509ad196791cf404d01d46ff566eb84f4737b

SHA-256:
138646caeaf8c450abfc02174e4db33bbc51796e9debad9b008d2ab75d6363da

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 12:03:06 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Installer.J

Engine version:
14.9.30.13

File size:
2.5 MB (2,659,114 bytes)

Product version:
1.0.0

Copyright:
Copyright (C) 2013 Media Freeware

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\6_offer_7.exe

File PE Metadata
Compilation timestamp:
11/18/2013 11:50:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:o1OpcThFzINe7KmARLPFgdMjdK9EqbwyYWkW39YDGxsKMQRkHRQE2KzH+uL:o1OmThhINe7+PFg6FW39YDGxsKkx+O

Entry address:
0xB5209

Entry point:
E8, E9, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, 33, EB, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, 64, 7F, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A3, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, 9C, 00, 00, 00, 8B...
 

Code size:
932 KB (954,368 bytes)

The file 6_offer_7.exe has been seen being distributed by the following 15 URLs.

http://dl.khophanmem.vn/free_epub_reader.exe

http://mediafreeware.com/download.php?domain=mediafreeware.com&folder=files&filename=epubreader_setup.exe&sig=epubreader_setup.exe&h=b06ab923784b39a67b194611f6d3dde2&t=1464572769
