7145151_stp.exe

Device Doctor

Smart PC Solutions, Inc.

The application 7145151_stp.exe, “Update your drivers now!” by Smart PC Solutions, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download1362.mediafire.com and multiple other hosts.
Publisher:
Device Doctor Software Inc.   (signed by Smart PC Solutions, Inc.)

Product:
Device Doctor

Description:
Update your drivers now!

Version:
2.1

MD5:
414f98b5286d89a9fa7736d94b687c1e

SHA-1:
9676a9f5a1a673137f1930432721631865a15b43

SHA-256:
417cecd0d0fa2c1b1dd824645a324ef6a1af724c2e6434eb6ba32ed514dbeb46

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 7:01:25 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Adware.SpeedingUpMyPC (variant) | 8.9386 |
| Reason Heuristics | PUP.Optional.SmartPCSolutions.L | 14.6.10.14 |

File size:
6.8 MB (7,178,224 bytes)

Product version:
2.1

Copyright:
Device Doctor Software Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\7145151_stp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/5/2011 1:00:00 AM

Valid to:
5/30/2014 12:59:59 AM

Subject:
CN="Smart PC Solutions, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Smart PC Solutions, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
502E76B6ACDCDE4F3336BF9286946063

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:CkKi4JttDt0Jz3bAhesLsFm8P49uehbx76BYgm:I/tDWRrSesLsFm+4ZseV

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 7145151_stp.exe has been seen being distributed by the following 27 URLs.

