arw7site.exe

NowSmart Limited

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from sites.fastspring.com and multiple other hosts.
Publisher:
NowSmart Limited  (signed and verified)

MD5:
b2297c6388f279e47e6df570abe00d09

SHA-1:
a9b56cf27186ec9c08ac9b59f9b082eb9162ee18

SHA-256:
ad1f5cb9ecb933c9d498c9644548864eae7c8e207b933ad8eb2339e35422625d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 8:15:30 PM UTC  (today)

File size:
3.9 MB (4,121,400 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\arw7site.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
6/29/2016 10:32:21 AM

Valid to:
3/29/2017 9:32:21 AM

Subject:
CN=NowSmart Limited, O=NowSmart Limited, L=Hong Kong, S=Hong Kong, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
17E0A06EDB2EA571F82D4DD9A7BF2F7C

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:3247vXvHRkK2nlwh5XLoyaxNtsK5rBqlAJC8TApGXkw:myvRKni5XLoyax/sK5rBqik8TSw

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9976

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file arw7site.exe has been seen being distributed by the following 19 URLs.

https://sites.fastspring.com/nowsmart/order/.../NOW160703-2125-66144F

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=dff9f414f760c4886d667c6fed19e974&upv=35c91bd0169d47536526af6f0e35da3d&z=pp_warning&sk=601&abp=0&params=F39B2A32BFC101987B1458170C278E039F76501CF908B2FADC82EF658A92784E15C486C1ED819EEABC3E876C18416D874D28A6609D1706A40C8416C10B00A94B57002110B126DEB03285D744D5A8CB6BA9164B71F5BAC3712B400129D2A3B6F01F465EB154D5A038FFA2D3E6EDFE48C4D953D5B2B30966C7A2B9B70A1EFC697ECD9488C67390D97C25E0A43A8965DB88BB9D9A54570FD5EF0D21224021D5783F&h=8E5373673CF2CEEC3373570DC8C42B3835E4736584DDA7A37AAC64D769928E38&directdownload=1&f=331745&d=http://www.nowsmart.com/.../arw7inst.exe

http://baixar.freedownloadmanager.org/Windows-PC/.../GRATUITO-7.20.51115.html?ac6b6

http://en.softonic.com/sads/tracker.php?ev=c&co=PH&sid=864f3fbbef27e3edc4548b024293b345&upv=cb43767192f79000119e0cefee49cf26&z=download-cpd&sk=600&abp=0&params=F39B2A32BFC101987B1458170C278E039F76501CF908B2FADC82EF658A92784E15C486C1ED819EEABC3E876C18416D878A3C936531282EE45F922735E2AED24E1C9026D47E128E041A9BCC4BE07348DF2A9E825518E376A29A763DF9ACABF0B354DD0F54ABE6EB216ED543E6E4BB34E37BFA07594D10029BAABDE88EE0723F77CE7B5845E3178A4CB781C21C6066D38BFE3486BE234C416789361A958DFF940A&h=DBBBCD62BE1AD93D3472866F7ABBF1A5D15231518688CAC69991D4CCD17CDAFC&directdownload=1&f=331745&d=http://www.nowsmart.com/.../arw7inst.exe

http://audio-record-wizard-1.en.softonic.com/download

http://audio-record-wizard.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/.../NLaIQE5Lc6XZWzSeunx0dRLEzSNRJoaRTkvA8qUOjE V7pG0yOVi91tFvwWFQdUv0Cs=

https://audio-record-wizard-1.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOLABCJUHMcXeByXKvHXUR6qKdc0V0C1jtNrWBmTxvP/V8Z8SbAWENBpbcdAaVUiYp703ZpF86Of iJbqg1MHiHMcCiwC/imxJjl6tZm3/.../6k=

https://audio-record-wizard.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/.../NLaIQE5Lc6XZWzSeunx0dRLEzSNRJoaRTkvA8qUOjE V7pG0yOVi91tFvwWFQdUv0Cs=

http://www.nowsmart.com/.../arw7inst.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=adc693afaf8178c542ef6513f2b7bd94&upv=89ca26c5791bfdfb9130961a1924395b&z=download-cpd&sk=593&abp=0&params=F39B2A32BFC101987B1458170C278E039F76501CF908B2FADC82EF658A92784E15C486C1ED819EEABC3E876C18416D878A3C936531282EE45F922735E2AED24E2AEE38351009EA9A23808D78A28C50B6AC2A3E7CB0418056DC1E76AC4B84068A892F0DB05A99017BFA6611C094B6778BEB84BDCD991CE85946ABB7D210498908C95A610AB6B37E53F38C4DD401621105872860F8B0CB02B7025E1C1204244193&h=8D1B9A0F213BE02D7037187102CDC4CC5D7F5D246AFC06F77DA16FD430A0BAB1&directdownload=1&f=331745&d=http://www.nowsmart.com/.../arw7inst.exe

http://gsf-cf.softonic.com/a9b/56c/.../arw7inst.exe

http://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=14b858511443eb5ec81012bae0b8caec&upv=ec60d45e26cc09bc2d95cc90e5396083&z=download-cpd&sk=587&abp=0&params=F39B2A32BFC101987B1458170C278E039F76501CF908B2FADC82EF658A92784E15C486C1ED819EEABC3E876C18416D878A3C936531282EE45F922735E2AED24E1C9026D47E128E041A9BCC4BE07348DF5A0004B08DD67EF9DEE8AD47892375A7B06DD199B6F2C5835B2E6274AA811B8E1E8CD849EE243496789CE1DE68F9DD8178DE168C7A8662084772B29CEDC5791B38E7A04A483B4C3369D0F38D20A79900&h=1EF9A192F0E19F50CF52C0853F735389CA76ABFEAA2588519340FFE909C43377&directdownload=1&f=331745&d=http://www.nowsmart.com/.../arw7inst.exe

http://lb.cdn.m6web.fr/d/c/a/4cd43ee26dcdf0fcd7f4685a042d820c/57a2a880/soft/.../audio-record-wizard_7-21_fr_50044.exe

http://www.nowsmart.com/.../arw7site.exe

http://www.nowsmart.com/.../arw7.exe

Scan arw7site.exe - Powered by Reason Core Security