apk2mobile-latest.exe

Softonic International SA

The application apk2mobile-latest.exe by Softonic International SA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from apk2mobile.en.softonic.com and multiple other hosts. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
Softonic International SA  (signed and verified)

MD5:
a3add13899202d1b333a3ecd32cc4fce

SHA-1:
e831a8dfcdac5fd9e715e4c1233c3e4268b52b2f

SHA-256:
a1dcf35eca28d1ffb4d2afd1f9229dd6a4a77c88f53d7ad9b9bb1d40ef03074b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:14:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softonic

Engine version:
16.2.25.18

File size:
957.9 KB (980,856 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\apk2mobile-latest.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/3/2016 5:30:00 AM

Valid to:
2/3/2017 5:29:59 AM

Subject:
CN=Softonic International SA, O=Softonic International SA, STREET="CALLE ROSSELLO I PORCEL (ED MERIDIAN), 21 - PL 12", STREET=Edificio Meridian, L=Barcelona, S=Barcelona, PostalCode=08016, C=ES

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B0B155FE8EE9DFD42DDCE9ECC107AEC0

File PE Metadata
Compilation timestamp:
2/25/2012 12:50:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:70gezcPDdZ+q1vVcKKEMaNlbbjP0zaH2ijjQBMiMr6WhGBpY+z:4Nz8Z+SMMlbbjIadjEBw6WhGBpY+z

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
6.8299

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file apk2mobile-latest.exe has been seen being distributed by the following 3 URLs.

http://apk2mobile.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAMaPiaKHQJ2gMTKJjBcJvk0HDSBkHGw0zISI2g5pWVpO/ItJVlQU8gvTXjUp5ib0rT6y/WL IBL5cxcqKpafVDihcPXBgvPzApDrQXi2rL XxU PLsjGvrYmMQmKE FQD1poaaBqSXDiulBSrUdKTIYlUpvSlNYee5QUwGB7 wFnjp4r/7It91NhOXX0LMPMgrpduorvGjixU/6qUQDSVfuEjJsohEx96P93TFODBmVRLt30giDkhmEmeTxPvI37Ue xrW84i04VbV53FeiizGkadO406gIEaZZ9ZgsYl/fOD/lzXUvD ZqbhMwBu7RZvgkrEBUKHYLkNyI1BEnXDmOlgFXXcZky6SXAnSA CjQnaqHEu340153VE3SeLM371r DOU2wtnhtNisuQQn6sVcD1q7hYiz1vWDmpFbnf0jGOfQNGd3L/uTGtezWC51Ks9zpLV7nCD4utPRZEt32DaTRkWNNHI/a7vc1mFG eJeJ7SbpGYbksMFE3mTe4T0AmLsDRaGKD4hRskiwihFo36pLK9k4SnNgfsug6Z7pOOaCrU/.../XmwBwu6CTwTDzXo9iYeeqOU4=

http://apk2mobile.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAMaPiaKHQJ2gMTKJjBcJvk0HDSBkHGw0zISI2g5pWVpO/ItJVlQU8gvTXjUp5ib0rT6y/WL IBL5cxcqKpafVDihcPXBgvPzApDrQXi2rL XxU PLsjGvrYmMQmKE FQD1poaaBqSXDiulBSrUdKTIYlUpvSlNYee5QUwGB7 wFnjp4r/7It91NhOXX0LMPMgrpduorvGjixU/6qUQDSVfuEjJsohEx96P93TFODBmVRLt30giDkhmEmeTxPvI37UdoMwNbaj6G29VnYN1Ex1grGC3jkvUrUrYfTbAjFvw/VpbZ0DA fPyrP42xN4XkPlTVmfUF ozue46WGEl6r0uNXI4gQ8nWsUIpA0gFo9WsjmvhfaYM5NolsZ5ZKPzLtX5L72rFn9JNtSIjP8qr3 u6MfJVHRd1v2O0S 5YASBI/ZdUDgkghbx68wcp9Qs PoCp0fb2AzR4YoAv5hbL00gsYP/QPwLpflpwGY/DdyrkEe7tAdmXcCTAQriHh2ojZx6hsZ/8nABumsl2Miz gC3PQgO4 l4vkX5tU33idUWyI7U/.../XmwBwu6CTwTDzXo9iYeeqOU4=

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cache.google.com  (177.36.3.155:80)
