» 9393.exe
Overview
Analysis
File Details
Downloads (1)

9393.exe

Smart Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application 9393.exe by Smart Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.updatesrv.com.

File name:

9393.exe

Publisher:

Smart Apps (signed and verified)

MD5:

962c417490992bbb076c79f6ad5ad029

SHA-1:

73a893e982f748677e1718b2db70b4c4d8961b50

SHA-256:

229731af763a63d0b2de1a926770a0f88ba5afb00ca1ca348282274ab630d93e

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

1/14/2025 8:57:27 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.50OnRed.SmartApps.Installer (M)

16.1.14.16

File size:

479.3 KB (490,792 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\9393.exe

Digital Signature

Signed by:

Smart Apps

Authority:

Thawte, Inc.

Valid from:

3/25/2013 12:00:00 AM

Valid to:

3/25/2014 11:59:59 PM

Subject:

CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata

Compilation timestamp:

2/19/2012 3:01:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

12288:7tobaKnnATn1lL56O8ayUF1RqXCGNM8V1H:7tJKnngHtLyU/oXCGXDH

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.8393 (probably packed)

Code size:

34.5 KB (35,328 bytes)

The file 9393.exe has been seen being distributed by the following URL.

http://www.updatesrv.com/.../.eJw1jEEKgCAUBe_y1n-RJZZeJgwtIklRISi6e7-g7Zt5c8GmNK4Opmu1aAjVlg0G616qDcFnENKLxaAU4Yy7_2w5qK6X9HvjHOxSOKIFgZfFcyPl6Pg-5XgUn5mK-wFxnCKT.jr8XWz2Uv7PEmhh_tZNxaC0VSbI

Remove 9393.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.