» additionaloffers-setup-42706563.exe
Overview
Analysis
File Details
Downloads (665)

additionaloffers-setup-42706563.exe

Shielded Install

The application additionaloffers-setup-42706563.exe by Shielded Install has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from int6.cdn.hw.routinetrends.com and multiple other hosts.

File name:

Publisher:

Shielded Install (signed and verified)

MD5:

c5573e4974cd6c7babb1b9536dff4fe9

SHA-1:

f2e2fa9de4696ff635334f168fd184f861e46bd2

SHA-256:

83d9e7f9ccfdc2cb00a4f10aed447b09f6ea8efda5ac82d83197eef1f306d443

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:40:40 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ShieldedInstall.Installer (M)

16.2.17.6

File size:

469.2 KB (480,480 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\additionaloffers-setup-42706563.exe

Digital Signature

Signed by:

Shielded Install

Authority:

GoDaddy.com, Inc.

Valid from:

12/8/2015 3:54:38 PM

Valid to:

12/8/2016 3:54:38 PM

Subject:

CN=Shielded Install, O=Shielded Install, L="Oakland ", S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2683AB62227F1339

File PE Metadata

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:LYOkSIam0Ij7bnzXMQMMJcjUqXC/6jqSkXP4fKhka4:LQSIamxj7LzXMumFC/6jFk/4fKOa4

Entry address:

0x47130

Entry point:

55, 8B, EC, 64, 8B, 15, 00, 00, 00, 00, 6A, FF, 68, 34, D1, 46, 00, 68, A8, C0, 44, 00, 52, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 50, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, EB, 1D, FF, 75, EC, E8, 63, 55, 00, 00, 83, C4, 04, C3, 8B, 65, E8, C7, 45, FC, FF, FF, FF, FF, 6A, 01, E8, 2E, 55, 00, 00, E8, 5D, 54, 00, 00, 8B, C4, A3, 7C, 12, 47, 00, E8, 5D, 56, 00, 00, 6A, 00, FF, 15, F4, 1A, 40, 00, A3, 84, 12, 47, 00, E8, 2F, 56, 00, 00, FF, 15, B0, 1A, 40, 00, A3, 80, 12, 47, 00, E8, AF, 59, 00... 
[+]

Entropy:

6.2565

Developed / compiled with:

Microsoft Visual C++

Code size:

315 KB (322,560 bytes)

The file additionaloffers-setup-42706563.exe has been seen being distributed by the following 50 URLs.

http://int6.cdn.hw.routinetrends.com/dl-pure/1200193/.../?bc=1200193&checksum=43218025&cb=-34137781&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215591&cb=13176561&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842221&cb=-1252308932&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842591&cb=1441824188&usefilename=true&executableroutePath=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200193/.../?bc=1200193&checksum=43215289&cb=-1584556043&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215633&cb=-604553601&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51844071&cb=-1769010272&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842643&cb=1531468180&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842221&cb=-441902016&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51007879&cb=-803551336&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=2020631598&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215431&cb=-901316422&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51843927&cb=-682430655&usefilename=true&executableroutePath=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51844351&cb=692972832&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51843927&cb=527528792&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-1265962743&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-572516099&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=329870574&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43216877&cb=1872558068&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-2105026458&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=1337479853&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=822329915&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43218271&cb=1288497996&usefilename=true&executableroutePath=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-1946300275&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43217105&cb=1709693524&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43222983&cb=1239022642&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842591&cb=55813017&usefilename=true&executableroutePath1200233&stub=true

http://intva6.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43217105&cb=2046220283&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842263&cb=-327390014&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215633&cb=-981102918&usefilename=true&executableroutePath1200233&stub=true

Latest 30 of 665 download URLs

Remove additionaloffers-setup-42706563.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.