easyspeedchecksetup.exe

Easy Speed Check

Probit Software LTD

The application easyspeedchecksetup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from download.easyspeedcheck.com.

Publisher:
Probit Software LTD

Product:
Easy Speed Check

Version:
1.1.3.2427

MD5:
c44c918f2e58978bbf9e54f7d850c3f0

SHA-1:
4448d633d33fd63cfb6d21fef23266a639a2feaf

SHA-256:
1c877107c80acb208882680c657fabb0fba283904c9af58974678c16f71d27ca

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 9:39:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Probit.Optional.Installer.Meta (L)

Engine version:
15.9.21.20

File size:
511.2 KB (523,501 bytes)

Product version:
1.1.3

Copyright:
Probit Software LTD

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\easyspeedchecksetup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2VZDhOYIczVmjuldONAvA7KGbNuwqQnpqo:kZDhfSudONgA7XUGnMo

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file easyspeedchecksetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-109-198.compute-1.amazonaws.com  (54.225.109.198:80)

TCP (HTTP):
Connects to ec2-107-22-242-100.compute-1.amazonaws.com  (107.22.242.100:80)
