dap10i_201fb4eb1d_setup_downloadacselerator.exe

Speed-Bit LTD

The application dap10i_201fb4eb1d_setup_downloadacselerator.exe by Speed-Bit LTD has been detected as a potentially unwanted program by 6 of 68 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from www.filepuma.com and multiple other hosts. While running, it connects to the Internet address server-52-84-102-72.del51.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Speed-Bit LTD  (signed and verified)

Version:
1.0.5.7

MD5:
ed860d6920c0abf909fd2b91c68684ec

SHA-1:
254d7ae813ff281d93fe37ac1c5906609863297c

SHA-256:
6797fe410d765721987e889d2a6cc0b60ef33c99954158e73834222949c12cf0

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:32:27 AM UTC

Scan engine              Detection                      Engine version
Dr.Web                   Win32.HLLW.Autoruner2.8308     9.0.1.074
ESET NOD32               Win32/SpeedBit (variant)       8.9539
Fortinet FortiGate       Riskware/SpeedBit              3/15/2014
McAfee                   Artemis!ED860D6920C0           5600.7191
Reason Heuristics        PUP.Goobzo                     16.1.3.19
Trend Micro House Call   TROJ_GEN.F47V0304              7.2.74

File size:
798.2 KB (817,352 bytes)

Product version:
1.0.5.7

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\installer\install_2145\dap10i_201fb4eb1d_setup_downloadacselerator.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/26/2012 3:00:00 AM

Valid to:
9/4/2014 2:59:59 AM

Subject:
CN=Speed-Bit LTD, OU=SECURE APPLICATION DEVELOPMENT, O=Speed-Bit LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
699AEB21842CD56CA7A7FC71BB394361

File PE Metadata
Compilation timestamp:
3/4/2014 12:04:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:02Mxg84fOHQpbBr10GVhReO/hePHXQSnZhIO0AdfxwP9uO38Y12U:7MGOiEGgOAP3RZ+5AdWuO38Y1/

Entry address:
0x4AF50

Entry point:
E8, AB, 82, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, BE, AF, 44, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 54, 05, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...

Code size:
409 KB (418,816 bytes)

The file dap10i_201fb4eb1d_setup_downloadacselerator.exe has been seen being distributed by the following 43 URLs.

http://www.filepuma.com/file/1471449613c5373/download_accelerator_plus_10.0.5.9/.../0/

https://d1ih5upz66zwom.cloudfront.net/.../dap10i_fd0a378216_setup.exe

https://d1ih5upz66zwom.cloudfront.net/.../dap10i_aaf5ed444c_setup.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-239-174-59.mnl50.r.cloudfront.net  (54.239.174.59:80)

TCP (HTTP):
Connects to server-54-192-55-160.jfk6.r.cloudfront.net  (54.192.55.160:80)

TCP (HTTP):
Connects to server-52-84-102-72.del51.r.cloudfront.net  (52.84.102.72:80)

TCP (HTTP):
Connects to server-54-230-150-179.sin2.r.cloudfront.net  (54.230.150.179:80)