additionaloffers-setup-42706563.exe

Shielded Install

The application additionaloffers-setup-42706563.exe by Shielded Install has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been observed being downloaded from int6.cdn.hw.routinetrends.com and multiple other hosts.
Publisher:
Shielded Install (signed and verified)

MD5:
c5573e4974cd6c7babb1b9536dff4fe9

SHA-1:
f2e2fa9de4696ff635334f168fd184f861e46bd2

SHA-256:
83d9e7f9ccfdc2cb00a4f10aed447b09f6ea8efda5ac82d83197eef1f306d443

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:02:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ShieldedInstall.Installer (M)

Engine version:
16.2.17.6

File size:
469.2 KB (480,480 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\additionaloffers-setup-42706563.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 3:54:38 PM

Valid to:
12/8/2016 3:54:38 PM

Subject:
CN=Shielded Install, O=Shielded Install, L="Oakland ", S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2683AB62227F1339

File PE Metadata
OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:LYOkSIam0Ij7bnzXMQMMJcjUqXC/6jqSkXP4fKhka4:LQSIamxj7LzXMumFC/6jFk/4fKOa4

Entry address:
0x47130

Entry point:
55, 8B, EC, 64, 8B, 15, 00, 00, 00, 00, 6A, FF, 68, 34, D1, 46, 00, 68, A8, C0, 44, 00, 52, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 50, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, EB, 1D, FF, 75, EC, E8, 63, 55, 00, 00, 83, C4, 04, C3, 8B, 65, E8, C7, 45, FC, FF, FF, FF, FF, 6A, 01, E8, 2E, 55, 00, 00, E8, 5D, 54, 00, 00, 8B, C4, A3, 7C, 12, 47, 00, E8, 5D, 56, 00, 00, 6A, 00, FF, 15, F4, 1A, 40, 00, A3, 84, 12, 47, 00, E8, 2F, 56, 00, 00, FF, 15, B0, 1A, 40, 00, A3, 80, 12, 47, 00, E8, AF, 59, 00...

Entropy:
6.2565

Developed / compiled with:
Microsoft Visual C++

Code size:
315 KB (322,560 bytes)

The file additionaloffers-setup-42706563.exe has been observed being distributed from the following 50 URLs.

http://int6.cdn.hw.routinetrends.com/dl-pure/1200193/.../?bc=1200193&checksum=43218025&cb=-34137781&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215591&cb=13176561&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842221&cb=-1252308932&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842591&cb=1441824188&usefilename=true&executableroutePath=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200193/.../?bc=1200193&checksum=43215289&cb=-1584556043&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215633&cb=-604553601&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51844071&cb=-1769010272&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842643&cb=1531468180&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842221&cb=-441902016&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51007879&cb=-803551336&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=2020631598&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215431&cb=-901316422&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51843927&cb=-682430655&usefilename=true&executableroutePath=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51844351&cb=692972832&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51843927&cb=527528792&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-1265962743&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-572516099&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=329870574&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43216877&cb=1872558068&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-2105026458&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=1337479853&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=822329915&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43218271&cb=1288497996&usefilename=true&executableroutePath=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842225&cb=-1946300275&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43217105&cb=1709693524&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43222983&cb=1239022642&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842591&cb=55813017&usefilename=true&executableroutePath1200233&stub=true

http://intva6.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43217105&cb=2046220283&usefilename=true&executable=1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200801/.../?bc=1200801&checksum=51842263&cb=-327390014&usefilename=true&executableroutePath1200233&stub=true

http://int6.cdn.hw.routinetrends.com/dl-pure/1200195/.../?bc=1200195&checksum=43215633&cb=-981102918&usefilename=true&executableroutePath1200233&stub=true

Latest 30 of 665 download URLs

Remove additionaloffers-setup-42706563.exe - Powered by Reason Core Security