home

fastactivate.exe

FastActivate

TT

The executable fastactivate.exe, “Activate Maps,Voices, Speedcams & Fuel prices. Patch Navcore & HOME. Check current meta code. Update QuickGPSfix” has been detected as malware by 3 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s6092.chomikuj.pl.
Publisher:
TT

Product:
FastActivate

Description:
Activate Maps,Voices, Speedcams & Fuel prices. Patch Navcore & HOME. Check current meta code. Update QuickGPSfix

Version:
17,05,2013,0

MD5:
863e9ea847ae469eac71be95156ceeca

SHA-1:
464178b224f3e495d6b8284099afbcb584b608bd

SHA-256:
bd1085c94b14bea25a39c91978922bc8470bd676ef799a552660a37786c936b5

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/24/2024 9:53:58 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Botnetlog.9
9.0.1.0161

IKARUS anti.virus
Backdoor.Win32.DsBot
t3scan.2.0.0.0

Norman
MPress.C
11.20160609

File size:
1.6 MB (1,660,928 bytes)

Product version:
17,05,2013,0

Copyright:
TT

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\fastactivate.exe

File PE Metadata
Compilation timestamp:
3/25/2011 2:17:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.50

CTPH (ssdeep):
49152:q538rUsfq/vjuEzCQ4zByF1RVn/9lmZ8Q/r:qBUUsy/v6fQOByznVl48Q/

Entry address:
0x1C41E7

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
33 KB (33,792 bytes)

The file fastactivate.exe has been seen being distributed by the following URL.

http://s6092.chomikuj.pl/File.aspx?e=qdgKIJqjnx1hXy33xESHWE9V5hMOPIoFzEBOS17LOTzIutVcKrMRxEixQ8ydfWbeYirhcTU7wQBGDgqpO2QiYiebcMGaAFmkCUOTCM-CYMFB5bo66M4GatFlQdqfuHoCUrXsupT1Wugx8ryD10yiyg&pv=2

Remove fastactivate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.