cstudio_downloader.exe

Ruslan Bogdanov

The application cstudio_downloader.exe by Ruslan Bogdanov has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from bf.softobase.com.
Publisher:
Ruslan Bogdanov  (signed and verified)

MD5:
a0017a6456074b226c2512342e5f3753

SHA-1:
51ab433c3449875b7cc6691b7aa86c5b2609728e

SHA-256:
6725299f9b9246c8be22379d834ba6ab9e9a2365b2caac4c42b43eeaf79ac6d1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 3:59:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.RuslanBo (M)
16.3.31.13

File size:
246.5 KB (252,392 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\cstudio_downloader.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/18/2015 2:00:00 AM

Valid to:
3/18/2016 1:59:59 AM

Subject:
CN=Ruslan Bogdanov, OU=Individual Developer, O=No Organization Affiliation, L=Ulyanovsk, S=Ulyanovskaya, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
01791FECBB5970A99967493C9F9814A4

File PE Metadata
Compilation timestamp:
4/21/2015 12:23:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:xFXoDt6QAmP/NO4v4ZkxhJihmo3pNGO5FNmsdTfqEbrUSXQW0T/ejC:cAQnIaoYuz5NDNmCTXbBXL0TGj

Entry address:
0x4377

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 42, 00, 56, A3, 30, AD, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 81, 3C, 00, 00, A3, 00, AE, 42, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
6.7986

Code size:
34.5 KB (35,328 bytes)

The file cstudio_downloader.exe has been seen being distributed by the following URL.

Remove cstudio_downloader.exe - Powered by Reason Core Security