» asctimetables.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (3)

asctimetables.exe

aSc Applied Software Consultants s.r.o

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VideoDownloadConverter Search Scope Monitor’. The file has been seen being downloaded from download.freedownloadmanager.org and multiple other hosts.

File name:

asctimetables.exe

Publisher:

aSc Applied Software Consultants s.r.o (signed and verified)

MD5:

33305b3ae097704fcbe9959a70871708

SHA-1:

d1a3bdd75493ab065ffa9a92230416c2a6e84179

SHA-256:

7d20a707c19babb244a07d2cc070bdeb48da1f6982474533712e588d14bc0caa

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/14/2024 10:27:35 PM UTC (today)

File size:

17.7 MB (18,555,080 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\asctimetables.exe

Digital Signature

Signed by:

aSc Applied Software Consultants s.r.o

Authority:

GlobalSign nv-sa

Valid from:

8/3/2016 12:59:35 PM

Valid to:

9/5/2017 7:38:31 PM

Subject:

E=info@asc.sk, CN=aSc Applied Software Consultants s.r.o, O=aSc Applied Software Consultants s.r.o, L=Bratislava, S=Bratislava, C=SK

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:

3C7321FE952FBAE2DF6DFFBF

File PE Metadata

Compilation timestamp:

2/24/2012 11:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

393216:yXxZE8HwsTeHNZ4fDVYA1DxMTf57bnSftzWr5ALi10:YdQcetZGpYqxOdQVW5A

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Entropy:

7.9996

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

VideoDownloadConverter Search Scope Monitor

Command:

"C:\Program Files2\videod~2\bar\1.bin\4zsrchmn.exe" \m=2 \w \h

The file asctimetables.exe has been seen being distributed by the following 3 URLs.

http://download.freedownloadmanager.org/Windows-PC/.../FREE-1.0.0.1.html?ac69b9

https://ascorare.ro/.../aScTimeTables.exe

http://www.asctimetables.com/.../aScTimeTables.exe

Scan asctimetables.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.