connectify activator.exe

The executable connectify activator.exe has been detected as malware by 4 anti-virus scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from download1892.mediafire.com and multiple other hosts.
MD5:
0a9c3c1be8ac8fcdcb44eeff81268a55

SHA-1:
782f6f6c172d4313621710e0ed5653dab493eed0

SHA-256:
fec7171a238841a54943d5bafbc9e36c995bd6a486b25a26505a9a650f35ab97

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/30/2024 8:46:25 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/HackTool.Crack.DY potentially unsafe application
7.0.302.0

Quick Heal
(Suspicious) - DNAScan
1.14.12.00

Trend Micro House Call
TROJ_GEN.F47V1231
7.2.4

VIPRE Antivirus
Trojan.Win32.VBInject.gen
25554

File size:
364.6 KB (373,361 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\connectify hotspot pro.7.2.1.29658 [khansoft india]\activator\connectify activator.exe

File PE Metadata
Compilation timestamp:
7/26/2013 4:53:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:dw393dtLEzq58BcFN6Q8AnVybOcickEy1Fu4ogn6Pd4iDTZ4t5GOtcJcx7vqMM38:dw35dS4X8AnVy4DEyDuTet4OtCcx7yZs

Entry address:
0x1D338

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, F4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, C9, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
148.5 KB (152,064 bytes)

The file connectify activator.exe has been seen being distributed by the following 3 URLs.

Remove connectify activator.exe - Powered by Reason Core Security