faithful-setup.exe

The executable faithful-setup.exe has been detected as malware by 1 anti-virus scanner. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from cdn.zyczu.pl.
MD5:
d9cdb35d325fe2adcc7f2da76e095369

SHA-1:
3013d1498288ae362968160e7e9346dbe35a4524

SHA-256:
9366567579bf9ee8f2f65fe3c73b43297319ece89dd2eb80bdac15d577474ef8

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/28/2024 8:29:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.6.27.8

File size:
496 KB (507,904 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\faithful-setup.exe

File PE Metadata
Compilation timestamp:
4/8/2014 6:52:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:FNXg2PTt7b+egbN7nZea6HCk1t8epsVFNj5OST8fdVFNV:FNXfPTtX+dZZ6HbtaNUST8fdr

Entry address:
0x2C4E2

Entry point:
E8, F7, 8F, 00, 00, E9, 7F, FE, FF, FF, E8, 30, 65, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 94, 47, 45, 00, 74, 10, 8B, 0D, 58, 48, 45, 00, 85, 4A, 70, 75, 05, E8, D7, 62, 00, 00, 8B, 40, 04, C3, E8, 0A, 65, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 94, 47, 45, 00, 74, 10, 8B, 0D, 58, 48, 45, 00, 85, 4A, 70, 75, 05, E8, B1, 62, 00, 00, 05, A0, 00, 00, 00, C3, E8, E2, 64, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 94, 47, 45, 00, 74, 10, 8B, 0D, 58, 48, 45, 00, 85, 4A, 70, 75, 05, E8, 89, 62, 00, 00, 8B, 40, 74, C3, 55, 8B...
 

Code size:
270.5 KB (276,992 bytes)

The file faithful-setup.exe has been seen being distributed by the following URL.
