bluestacks-splitinstaller_native.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.centersharenew.com and multiple other hosts.
MD5:
a2c6d5425cec1a215d0283ec10b3a39e

SHA-1:
87b5ef6ccc6c3fd7ce45a07179c14557d06dadfb

SHA-256:
4d873dcf34de78bc875fa01a5ed8c10ee8eff4cd7169697f9fdaf8ff47b0e0a2

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/25/2024 6:26:32 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| McAfee | Artemis!A2C6D5425CEC | 5600.7007 |
| Trend Micro House Call | Suspicious_GEN.F47V0825 | 7.2.257 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33028 |

File size:
71.5 KB (73,205 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:ZpgpHzb9dZVX9fHMvG0D3XJZ4Romu/TdS5bIGlf2r/+rN5hsak32i:TgXdZt9P6D3XJZ45M+b7OL+r9/i

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.1311

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file bluestacks-splitinstaller_native.exe has been seen being distributed by the following 12 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-130-248.ams50.r.cloudfront.net  (54.230.130.248:80)

TCP (HTTP):
Connects to ip-50-63-202-57.ip.secureserver.net  (50.63.202.57:80)

Scan bluestacks-splitinstaller_native.exe - Powered by Reason Core Security