bit5e75.tmp.exe

Shuang Wu

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Shuang Wu  (signed and verified)

MD5:
3ba0f8d8754122217026fb72dab3df46

SHA-1:
1c0fa68f1c8a93aa8c24569d7cb8b7919e27392e

SHA-256:
52f0a5fdd0aee5684ca9d94d2ea99617276ebea981209357ca1a5ddfcfefe6e5

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/27/2024 7:15:54 AM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Adware.Generic.639406
8.13.12.23.07

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.131221

File size:
20.8 MB (21,765,136 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\bit5e75.tmp.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
8/30/2010 1:00:00 AM

Valid to:
8/30/2013 12:59:59 AM

Subject:
CN=Shuang Wu, O=Shuang Wu, STREET="4 Floor, No. 1118 Yu Yuan Road", L=Shanghai, S=Shanghai, PostalCode=210050, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
1CCFA257A1CCF9E9400AFEA2EEC98175

File PE Metadata
Compilation timestamp:
4/10/2010 1:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:G8qatzhypkj68bt1WS4DqgC8PCqa5boEfJ4bbJVcWuZVlS2jQ+52Aa:G8Fxkm5Pd6qgC8PCz5boEf06KbA

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file bit5e75.tmp.exe has been discovered within the following program.

MpcStar 5.4  by www.mpcstar.com
Publisher's description - “MPCSTAR is an all-in-one package of video player, audio player and many codecs. It contains a user-friendly player and carefully selected codecs to support various media formats. With MPCSTAR, you would be able to play all your movies and music downloaded from the internet.”
www.mpcstar.com/?lang=en_us
About 2% of users remove it
 
Powered by Should I Remove It?

The file bit5e75.tmp.exe has been seen being distributed by the following 37 URLs.

http://dw.uptodown.com/dwn/vh-5V5IzaFBSKPRGTHSC8T3VeNnSB8Ll_cFS4cHV9w2eDcXBebbLRIkbrKrD3JsaWrolg2PqLscisXSJZvzHjkh3UQJhVYbR4COaUQSEjBoNUeAQAeQL5EY2lYTKlbiI/Ny7Lug1a34QewK38el7e_l1pghVRy7X4ESadpNlulLSh98BF23KO5V5crKnOalK3ZZl25KgSyZ6-xRSUOUFJlJh1Z_wkR7ysZCU8dGpYj7t7vxf5VJta3soIfkJgnMlc/hku5RVbv1C20Qwvgmj6kvVuPq-envwQ0he_Sa5hrIKtNzZAK2xS-t6MBRkmUXxYfdHMi1AvCj-QMO996qDBLXOZzopJZBr0q-Y7Tk9oNFKgN1tTeqbeIH0Togl5c0vgG/.../

http://dw.uptodown.com/dwn/8MwxKBrb5GolS3320czMIliZEiPTatoXF7qKV4nhdc_xLIZxIlRfVb0S4y-6RvgDpVNx3UR6IXyzssBklt5gnS79X9cjBhKI6WFImFw_wHLarBLBcU9ynYxKDU-nGhGW/2AHEVoN_pdxc06I-zUz7LLJV-RU63MVzoVhra9dL3w4H5ZG-f3-e5y0tIt2Q24XWqFOdFIgspCPkLKh8-0v4AEIjFhWDbYIca17jTzvKu9EfpAt83el_SgGkJuosS3pY/aNxVboO6lnLf4McWV0tuvUPGUGsDR2QNLvO2Jk-0LxITbb1lfYF2r--wBBHi7QLHxZFJq2GCt43cuzHf6_WJocSyqYfxgyVaVCfvEcQQU90DfknEwdg4s2xFN8PKM-Cq/.../

https://mpcstar.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOXcWk/i WOGeImNQ/7BxXuZjFDhQ9se21tQpx7z9Uc2obGfq9rh5oy2EP/.../HtedgYqO7E=

https://dw.uptodown.com/dwn/ueIYlm0wUMN8vN7jEWHBynplnQvPG0g0hUXkry4F6wqnisUPXphXq5zEFJPXyuOGHKv2nYBjlKLu111yp094DT_3sKGzUJhGOrIasJ5UvjJrkMIxELIlFlJQ2d3KWt2V/MS9RZ57aOaYrupRO2IIXWJOkgxl4IvCIMELe1G06cOAyhloOrbt5uPN9XHLJVZdPPx90qQpfSkVupXAa06Ug6ShKvV5SL185MApqgky7PJcD7vk1dYNH7S2LiCgI1z0a/qPlVEgBo6TyBqscKN4QvF8P7bfDDrA5bxwNrUnCaPnle-6hmZ0lGyShIhY43efYn0VexVH8-zd9LL8pyemPKSHChJZkyjHZZYYpHJVtWTWcTN1ENma1feOiksAdK8A0p/.../

http://download.mpcstar.com/.../mpcstar_setup.exeundefined

https://dw.uptodown.com/dwn/_Z_0efmIwJLbFvrFS0kFWpypp0wgOCRRg3GrlH_zeKv5cSwQfMLmIwjwhLjpdjePcz-MiiMpZLNcHN6eCz4Jxw4ruvFAiav_DFd3W8_DAdY-xbpnwcYi9lR1kJe_m_hZ/b5CWCIxI7tqrvD5y7joasgB6lF05GrFN3SdGPStYVJBJRHZ6ilBCU0eFkCYkX397E0JLeCXmcZQxeIa9ETmiXi8J60e1XUcfaIGSxxrfrXwbzN7M6oaQlV-6RyfCJDNp/tRivS0yQT6a18TccRGwu4nJCGFWwtTS6Pss8pEiGYN6hHvEmqZl95vphm1sGl7ey83okzTjbNJa4-zAt_ic7-Ajxptb0ZuFqmn24_j-QdkdjD0_9WXseYx928nEhMo2U/.../

https://dw.uptodown.com/dwn/HUHO7oqfrTqKKXaMj0zBm4L7TmMtuV-OcnFwyu3L4K-URElmoST91ZRV97VNPJ9YwHWLLxOpv70t3b8dpwKWT22VcBPxvaavkuNPDGQUmF-2ezzRP7yrENSq15Ui-eZg/jAQAg2jQwm9_e4rlnA_gjLbVN452746TOPJIg5vUx7SeBrDFDoJMiwoHThCtd_8pi4FvSPMTGRgVdzUj1F_cZaa63w5rQt1njIYGfbXmLFn73pBUAV-5W2zu_6vjkPwr/zm_I0kz3qoUmv1J24qFkjVcS2u7SIcBy_fRs1jruROul8uGdhY4En7Qbq8IFxoqKDxocejqlUfaC0VL0uTRZWOy_ttMucItzSoqMeod1Al6sx6kvbFcv8w8_eMaZ-_t2/.../

https://dw.uptodown.com/dwn/MAIR9lLDcRfu7Pbz3cm60agaVe-FYZM6F58dehuJe6QtZC6ZmxxMmhWwiLHFylzE88-XCmPZ-WrV3bI5rX5LCZiz73qoVLYVblF-wDIHC8ljlE9OfEHl03CQf_t3TFgG/Iej9fiDa66PcNjOauraZT8iYlgjavGULYXnnSYbrwziBr4IFIwupgbyxcchP3HC3agwIOcDpOC7x1ELjFsSI_QaNoBefX31qUxx2gW5OuFAmQvFWV85AmMPONbpN8i7N/GBL5kHVFpuFiX5vsn3oyPW30Ek83GWqHHM8yzB3vPb7xtRpbzO2nplYDBMz7NKxLfN2qqn90SUNuz-tR6J9qShCvkco-1lSeM6Cbb3XG6a9D-TkZ9jjTLXbcUTTbm4FI/.../

http://www.funcyclecapital.com/ 7VHzvD92_f6hFXJcHhb4gRR pkHWBkkqSk3BNueXqytswxpZ7_0KB_5LLGZWDiPiSNBDGiej8A9fhGvo7snVM_xzxNM0hgB9VyLf1Ew0WDi3L9URAMgtO66QKMzmtWFsRBZ1aAnie0SIb7kzs9pjNoCJAKwayoqZyQyliprSrfSskBLxTtWex1474JhNBOMIVKi6ndfmeCQoTcEwgh30D0YThAi4A==-GzMAAAR0Y7HdGA2yKBxUEDbgwKHfFhrIBoecyOEryfIaRzS16zJAJwVp4JPDnsUD

https://dw.uptodown.com/dwn/ZlTmQHhG-NhSZ3xIpu4rSsoCDl1oamZf4N6nrWoArvhsH_adTnYTRGQnPe7gZPiWAm9OiK5FG1Kd0EjnIp9K2Wvq7dcylouGFfIv09gClilbFDYxx2pup9ZGLxD80Dt_/3ktxN7DSYO0QcRXfybx4PFSGMhc019R7gf8rHqVmW_ukNVq3yMJfVUw19d6SDhjU9XlUlniUQe3DfmiuZakVvvfjeqW95DWAkJddyyxqvFBNszM89w4CYfQkhXXe1_sw/UluFOl0DajLYGQyTuMxrlEsYzuTJv1aB4867VeXxFU-s_b2AWUZLfVtDofMTjjBXgC81NTP6qjRjwB3Bfm2Fi0H6wCeT6pozZbkyMLmGbT2CQcBtsqT1e5515YTCqqyd/.../

http://www.ranchsendgift.com/qbvKif_b79ZdYX22lwij eODkZ0baDFJbuwI6VsSK8OzYtPZ2wYhjr 21UQ7Ao2RV9hUOHnLwgoozu9QBjl4nVttPc_C6c2tQBBPANDPG4uewFyjQhj0_phZrmN2kiG56WfN6rAQf W5zQUwGXM9uYzXj7P2nvhON Su4MXMB f9j3phYjotiDtRulMNRrYaGhFYLoGlgocGVo3xgi2s8IBrD5ZNvg==-GzMAAERveH6cp6QVh1IQcMiBw_dIAg5AgomcSNCW3O4aR1TKsssATavmcWB8pDFbhAc=

https://mpcstar.softonic.com/.../trmsvRChbxdrflJq3ZIylWvK70YmPi91jOyzJvngz57LcOvxXCN3tSozxehIgEZmVL35LkIxt8Z1a22kwbgcWNmxALgzRUs2m0akt4B3gTEC0ePWZ90UgglcONvjJQqHLRYJLUezraTutEpgQYZ9nO8=

https://mpcstar.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOXcWk/i WOGeImNQ/7BxXuZjFDhQ9se21tQpx7z9Uc2obGfq9rh5oy2EP/.../HtedgYqO7E=

http://mpcstar.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOXcWk/i WOGeImNQ/7BxXuZjFDhQ9se21tQpx7z9Uc2obGfq9rh5oy2EP/.../HtedgYqO7E=

http://www.currentupdateconcepts.com/1tVzIfXYjBT_cQ36VQUnrMAOA93yMd0Ei 1SX70P6hZ93zy6NFC1IFrLf4kXgolPVkU4ngEuMEZMkTzQFzRqsPIVc9Au0dhDBSb_Ogrcn48ZbPRbGVEUqFpHaJM6uP_QdCsjtMd18t2siIOp1OpmRb8ZzrMFSiMbNdx e8 IRqOsRwyYE3EPuPL7v5UXJBj8p8fLRojo-Gz0AAEQ3hrG5GA2yKMwHgkMOHL4wPUhAFjjkRA5tQdnzxpaiaIPeMqTCHig2JJseH 7J AQ=

http://dw.fr.uptodown.com/dl/1442575614/.../mpcstar-5-4-en-win.exe

http://pantip.com/.../http:??????download.mpcstar.com???latest???mpcstar_setup.exe

http://lb.cdn.m6web.fr/d/c/a/cf5761174b532d8e6dc9105cdfd700a2/57cb1ba5/soft/.../mpcstar_5-4_fr_321646.exe

http://201.31.162.82/cache/download.mpcstar.com/.../mpcstar_setup_bc.exe

temp:mpcstar_5.4_setup.exe

Latest 30 of 37 download URLs

Scan bit5e75.tmp.exe - Powered by Reason Core Security