dap10i_019d0eacc4_setup.exe

Speed-Bit LTD

The application dap10i_019d0eacc4_setup.exe by Speed-Bit has been detected as a potentially unwanted program by 3 anti-malware scanners. The file has been seen being downloaded from d1ih5upz66zwom.cloudfront.net and multiple other hosts. While running, it connects to the Internet address server-54-230-0-39.lhr5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Speed-Bit LTD  (signed and verified)

Version:
1.5.0.999

MD5:
c502c2c8f88cff5eaadf4e5142f314c7

SHA-1:
fcb4b5625c445805cb4c62f564f2bd03a041d98b

SHA-256:
65bd89f8c67311239200e50c438e5bca133c1272e46db30ddfe21b3fdde16648

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:56:19 AM UTC

Scan engine          Detection                  Engine version
ESET NOD32           Win32/SpeedBit (variant)   8.10245
IKARUS anti.virus    PUA.SpeedBit               t3scan.1.6.1.0
Reason Heuristics    PUP.SpeedBit (M)           16.11.30.21

File size:
914.2 KB (936,136 bytes)

Product version:
1.5.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/25/2012 5:00:00 PM

Valid to:
9/3/2014 4:59:59 PM

Subject:
CN=Speed-Bit LTD, OU=SECURE APPLICATION DEVELOPMENT, O=Speed-Bit LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
699AEB21842CD56CA7A7FC71BB394361

File PE Metadata
Compilation timestamp:
8/7/2014 5:27:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:izyJcFUSzBgJtzUzPGPKpwuNAGMMuO3wImFrV:MFU/t8PGekEmF5

Entry address:
0x4E35A

Entry point:
E8, C3, BF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, E8, 66, 4A, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 70, 37, 4A, 00, 01, 0F, 82, F6, C0, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 

Entropy:
6.6967

Code size:
455.5 KB (466,432 bytes)

The file dap10i_019d0eacc4_setup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 168 download URLs

The executing file has been seen to make the following network communications in live environments.
