» abiword-setup-2.9.4.exe
Overview
Analysis
File Details
Downloads (446)
Network (1)

abiword-setup-2.9.4.exe

AbiWord

AbiSource Developers

The executable abiword-setup-2.9.4.exe, “Installer for AbiWord” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts. While running, it connects to the Internet address abiword.snt.utwente.nl on port 80 using the HTTP protocol.

File name:

Publisher:

AbiSource Developers

Product:

AbiWord

Description:

Installer for AbiWord

Version:

2.9.4

MD5:

ff4623e81f7d722259e19f09cdffa4d7

SHA-1:

ad6163ab21b1a48975a3f966699963334aedb4d0

SHA-256:

29fdb337695243f2ed8301837c188b9acd495f94112ba8cc5b371f59162f17e9

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/26/2024 11:51:59 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

(M)

16.6.6.1

File size:

9.4 MB (9,856,350 bytes)

Trademarks:

AbiWord, AbiSource are trademarks of SourceGear Inc.

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\abiword-setup-2.9.4.exe

File PE Metadata

Compilation timestamp:

2/21/2009 8:46:34 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

196608:+ELc84QjWhobxFZ/lQ1dYjDBZAqeE483ZpevHcbwSzpLxQth:l1VNtiyjDBZAqXEHw1Sh

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 05, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file abiword-setup-2.9.4.exe has been seen being distributed by the following 50 URLs.

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_br&type=PROGRAM&Expires=1456126831&Signature=XdTcBSymMy-555oVF3UVzMHK5QzkJnA0IV8Xgb4h-KWlPfnyJnNsAcEr10Wquq87a62uFkvmE6Kyj1wpugYMIfcmXKLiu-ojfqvtXfhr5V6Rdf1pkmoY9g6YkNTuA9noxTqJwFZIxfzK2WybvWXd1i6pcVYfLfkQjv~16UBQAO0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_it&type=PROGRAM&Expires=1481949726&Signature=XgnTiiAGsdf8dQd781DsINfOwN-Qqg4rgIfBkVG0YfdgmYzxadhqLMEiE3bCkG4og2Wp1ZPPlDwqUU7Xa03JzwkyRWH8iyDbwR3TEwsuw8IaM38S1opc87r-qxWqGETAg3ntfRo3eSwVYIR7lNWnCyhye~TRkUGS1c2aN2FPh9k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1486863605&Signature=L-Q7ZaIu0Nn5oVozQXn7xdcj0maO8mdFIPkcLttLTVrxbvlIhNpNTUxH~0IPXyEBZTAf0tjksVPKnAnP9bpmN3C5wGysZGmbX5nu43zec7UYQhSK8YouLM1XcN0Y4RtfGZzfNnNUgnrbPjN0J~FC0iNgR7vn3FEavRZb0f6BI7k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_fr&type=PROGRAM&Expires=1484120177&Signature=iBYrNC8n65GneMzO~dC7JG1kKVokEPmoD9Wz4qYrRepjnQ-gTSsw4h1PxX29Mo220hCM7CNvZmdU9WuvGE2h~7Mz9W5nHqh32SGOdnG9jOIKawheOGHzbmVitD63DPwt6KYcmOZmWSGjIRH73FLWDJyV3h3-dCLsre7fft8JQzc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_en&type=PROGRAM&Expires=1440536399&Signature=RJ1RzIQbzNv~jREVEllzpOY3UHsbcrohehiGIrvKEk38lyFe2ahh6onJwkdt0lQdH5xM3mVB6~ikk4luH8D0J~tGm1Ty5Kkb~SGnjh0ggaIwSRKVKB1jCBdeKqdGrAY8ek4vjsC4pJG3zU91mu2rv7yUN60zw~BbisS19rDVVOk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_fr&type=PROGRAM&Expires=1482108793&Signature=bMISsnsX84eBEmr6gEmcWnEgEmQveeEsXsJkdo3j-NFJwb8Ya4udwN75NpmU3iW5jjeIbXGdc1DRKDXewdaBC-EHks~sGppqHbiL7m9yj9Kok~BsYWun-tb9iACzBCp4DldM49~LLHm0z9Pwp8UTzFng9NnkEAk66rBwpWSp3Dk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://filehippo.com/download/file/.../

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_en&type=PROGRAM&Expires=1443240768&Signature=f94l157YBrM5WTnaIiqyOWeMWQlaNUPNtKRemkNUmD1XgGPVHxdkg7aYi1wA8PQ45OLYTlfdfg4ZEBF8nWABsz8lMJTmfnZOi5FpbWdO9yxiuXkCzTrErh6Q~TCumXG4iCbhX40IM3yc2zDzdTirDeYWbjnMiLFztAmPxcFGc9A_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1465096497&Signature=RDasmNzECN6lJ3osLtSy1YmsxHUzdRrJ07RgaH~pnAqdFI7Uju9zslEO6b4KjSulb4AKzfPN5GCYsCTIehDwsWvmOEmSU1DARUR88YLb7v27dhby3VAS-atE63qxTgTPWbX8Z5AG6resm74T42It7MMjYBQPUfwFU1FREc3UkXM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_br&type=PROGRAM&Expires=1479021708&Signature=iiaIG-rpdf4dFFtCcmR32x0-HkT6227DU69QR2Znr8iNH9-REx8AHWE-pDZOqrVDvAKKZ70c9JZpQjSgMxDKuGlGaulsdwNvgYhv9jqwH-ci4uV64EuTVdY-PAaoiTYDEXhByfjATQcNyRWm2-TK3e330MVsYiyiD2dsEKt4Ycs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_br&type=PROGRAM&Expires=1475806096&Signature=G1sbpzu22BmGBGJvExC0lVkEkbHx0IP2GZ8R5bw~-tNCmI8BVpo0AK9dXewqdFGx9HSLe16AFJTkWBP5CqcRcy2g2I1U2AD4mI22dtnSzLco9cf83u~pbqc04QkQJaVXxKPJlBrxOGMwj52hk4swM0Bx0QGnr5XSuJlhFT2~LZw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1473176637&Signature=gwCWLddCd~7NTR8pVyWGjkRtUR03ZUYZLe8yKsIB-j213ZI0~JeKT3mDxbiZujIXUEEj9cFDo4yPNT0nNO4BJYkfCFR9twcYeJCOyuN1yoZSJbWBNH3g27XkPveN~8ScfdTDzbA-bmkPSvJdWG3XR8CTRYVfy1FAsyXAps-JoAk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1436681059&Signature=CcB2yqIoJeUvhjw~DS8ZHhUBsWPar3yckXl44zstLEwXKW-mIBCkselKsoD-NvDYE98p-j37yoPwT04iywOcgV82pmVYKHjSp-ZBGhY~-1CcgsDb7B9y3Tey4J2RK7EEuhplOvU8il~cmpH-4XFGqp5YOOlUS1Je6kowNFWaYhc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_br&type=PROGRAM&Expires=1485676614&Signature=WGH6IvejnvXjd8wM7KhaIb~XhC-Km3bJT4dyB9EzdaIGsx8RFqbG0H4n0EBzknP5nSMDDKBY8a7uEt6zS28VgLwBojb3onlJaX9spPY-uy4h1ibAF7VIcs-bLQjzsW5vEbInQ7GLeo8Xifk3MtL0kGZkgG1t3cTBGcWphwvHYsU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1446927818&Signature=KV-eu3J5C27HerhXWBELIuFAmvAu0Ffg-o5QReEYeAanDZi8tGzW-rD~ft8TOihz4vcAhDrsgeI2C08sri88coStfUWgjSKAJfcBc64jHutNYlKvY-j8H69WBBU27ZbN4o~Y-cWswGIU9D9nGgk~YjWTpuX7DEJRT7nzvTXlhpA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_it&type=PROGRAM&Expires=1486537375&Signature=O9KFboZZQSWQ~uVugR0q08qzQ64IojrISVU8G~BsnDHJp9gnO2fWSAv7DCG-P~ox8jcAAeQBS6mKoLLMfASOqsaBDf80DeVe2LQRdMWbQlozGEgkNcTgkinlFwntEbq68Ls8CYm5TvWvLXvd~1FCHSHNpTVK5eqiGcIBCklra~8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://indir.gezginler.net/i/4898/.../

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1441374352&Signature=QlBO723a~MzlEkjCN22rFwZvgT98Ec6s0l4dtzqndXliq7dJAlyCLsBcgTHyN6cKwyFnuP1g244Kd7vh5zeOLuhKcSNK3HgBSKQKGnRdWSnJHEuYgTOE-rqiKXxWzs1y6QHA5ypJMM-nHJFhPg3bAzn65fms9yKFV1T9YabBpIk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1485913295&Signature=fkNdRBfhxskuz40mTeWm2Dy7nxncPVpodwCqO547hAijTE7l7GY-CfE6D1PLDtEyuiYJ~QwmA8W8jwcRW6o-Oht4QMTk6Neb6blGx~0LSsFWrPYTYOhlvOSW8V2TMTvg27ceLHKcA1lTntGis3jdToiS7scgyTS4ahaYH6iepAI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_fr&type=PROGRAM&Expires=1441434803&Signature=fEnkgBNevOzVUh51u4rbn73-kRN-r-rASIjFIe1M3gkV6XoHbcCf~HV0vr0BSXjhJ8yWfpQeMlJeKm7jx5hK87cEMiGg5JlBB5NOFdA5eY8dgxCZ2OKj3AjVr~oF0SSeiiCHCKfan7ThTJHuqlQXmS2smkDparvDiDNhYsOacCQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1476675114&Signature=ZPwB2GkBTgvx7oRD0rdoMJ0PBpYKNOtIe9CPK~4zBPC9MZzLdt~8QEM8vgbMGR3sa5N~xdr~YaURRSPWhMuv2RzR7T8FtM3TJDCPh04DRInBkEmeGbzeX-lSnRZmBoqTl~73~XqooyfxnjRP8ErP~MuCom4ABOnD~jjdpJeDnaw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1484783509&Signature=ISs4FEPZx2ZdEvlFPDW1tFS1H-dfs-mXHExqrIN6KP4jci38zOXagNeom4drRJuG6KIICCaoXqf-eTsYM-hVEPdWwzlXYut9yq4IyqDQNfECPrvkeljnAKB~IFXUdj-~hgcK6Nk7jUmxo4oRvt80NFbHaHFgIuHs~3y7HaLTsAc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1478072274&Signature=KoJ1RAW519nvICa1JYwhJGbhfhIDiIFS~WACm43L3BcOudE2PetvIaLy489lJAvhdE94g2w~00fKtcX4Ftv2vHFEo2B5kdK6BceS6Bv96LB0Tutbkq3pdo2TMZ8rxtUTJ~6GSeO7arE067NkNM3DKXDkZhQA52KraYeT9~V866A_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1477444064&Signature=gYbekvp595lbCh3mqrCThcu9Ilz2NY3kJKiwcL108seoAdGRnaC7TFKj75LfBsBQGh9TgNEo5QqkZ~9jjbxJY91OpA6X62PLcPJmN~yj76WSSgReVGVyW~A-QJYm2JkSfdajrYerFwW489Gr5basOXODiJ9NCps3hAui1O7so9E_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1447222345&Signature=ATTtdD1p22D2j3uwqzmdR8EaQw0~qJX-dEDuUT405kqb~BFUi0KsvWPAuB9POpvXGgc5Xjj8OvA~fJC1OXMLr4qX4FOT1LAHmb8Nq6~zFeEpKJUT~NL81HPG457tMFAWv89rsBbo4chUOJb3sN1aB67Er5DUH1Qed2v7EpDUqc8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_fr&type=PROGRAM&Expires=1485076551&Signature=HAuXVHvSDP8WhL7myyt6gqOSRpHjMktfB~PT8eePE4~BE-~gm2zIrhfK4OiNcB0brZmalLuY8O892MScrfq1qaWqFd6j6xMyXl0qTrBbqLbTNFSOD~LI6waje0Yj4nQxHCJrqGGVAVOMiyHpHtr7OZuzBcfCxZdhHJMq4H4ZXcE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1473467233&Signature=GPfsadpTSsqpxehaBC2ljozRkE74JTnIekEfGvW3mgOR5AmXqPDLn8us3iXLOmsWvxdu0GJTuvtDtYIXIzhvxWYF9Y7FDCt~jHILVZEjksUJnAhYWLtHhp22WUOMM7yrBFAOTOXdOsHcFSePB9CIYa8AvsNrIsihC-x5x66CPJ4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_br&type=PROGRAM&Expires=1469947645&Signature=Xdl7x0zX8SOU8d5O4mqoI8~x0KSjI92xrQxgMh64rzQ1SX~Zr8DNEcMfoaISX2TzHvLrw~82BzXfgr~Zjr71OfX2milTddfJ533DLUISL3QGZ52Ykl-xcnQH29VJTYiVEmmEr0iypKcDph9SbEpy1RrcdDis07b4wdS2nCFC96g_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_fr&type=PROGRAM&Expires=1456884794&Signature=h9qIYApFlGxWmTa9Acfo3WLOEe~eAkqzMKBSbsteceXCwURlLrPR~iVIFokrfWaF8N8nEtZFxJIy5dz9Pz9eHTkS-6rzINx7UZiOyVNRyBPql0~MDRMlRsB~srIwSePTgxvg1AghEgp8iUFzcSWUHMpti4HBDVNNcLwoPPGgYtg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=abiword-setup-2-9-4.exe

http://gsf-cf.softonic.com/ad6/163/.../file?SD_used=0&channel=WEB&fdh=no&id_file=13357&instance=softonic_es&type=PROGRAM&Expires=1424899426&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=WYtSaRmkw~L76JqFgdCzM2CyYuphe9vloP8mGdLyGyejVYQnWGmJ5QicyRQ4ISPiPhSDhbdvyhYNdujLCiS7bevlQg5fs4UBFl-HWeHk~5HVCYtktujbWzTeJSmCn-vcLUrarMgXGyXRD~BANi8~NwvwF8IVleghzyyQLmgiOLA_&filename=abiword-setup-2-9-4.exe

Latest 30 of 446 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to abiword.snt.utwente.nl (130.89.149.216:80)

Remove abiword-setup-2.9.4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.