fileassassin-setup-1.06.esp.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
MD5:
28345ed751defb7e9a117d318e49c8ab

SHA-1:
acc09e105a97243c876f9fd02e5ba7f5c325fe92

SHA-256:
590c2b80cd3d8301fb97f45370f94b34d824b44210a7edf72dec655fc151d243

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 11:44:48 AM UTC  (today)

File size:
163.5 KB (167,376 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\fileassassin-setup-1.06.esp.exe

File PE Metadata
Compilation timestamp:
1/13/2007 3:26:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:PmeDmBqskJtnplsf4c66XV86/jpSczZOW1spEgIEAUQtyAHSdhRLoLfhqs7bV:P8mnplO4t6Fj/jIqOW1dEAZtyAH4eqsl

Entry address:
0x32D4

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 70, 91, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, 10, 48, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 20, FD, 41, 00, FF, 15, 58, 71, 40, 00, 68, 94, 92, 40, 00, 68, 60, 3F, 42, 00, E8, 40, 28, 00, 00, BB, 00, B4, 42, 00, 53, 68, 00, 04, 00, 00, FF, 15, B8, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B4, 70, 40, 00, 68, 8C, 92, 40, 00, 53, E8, 2B...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file fileassassin-setup-1.06.esp.exe has been discovered within the following program.

KoolPlaya  by AKi-Software
About 3% of users remove it
 
Powered by Should I Remove It?

The file fileassassin-setup-1.06.esp.exe has been seen being distributed by the following 6 URLs.

http://gsf-cf.softonic.com/acc/09e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59461&instance=softonic_es&type=PROGRAM&Expires=1479845440&Signature=iurZcKcPVvviQCdG4HB-aso4T2PwMfS0PE8Nccgdeivk3d2bB17h0BfBG9yLsDyG9ySwgT2tWzWQwCTiAdQGpizz3uZpoTD1SLhWB~vmsUSVacas7Mq-kvxQcDEaQgc70ODbeocyzM8rv1vy1Wx2qNWHBymKYFeBSsfcdI2sJCA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=fa-esp-setup.exe

http://gsf-cf.softonic.com/acc/09e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59461&instance=softonic_es&type=PROGRAM&Expires=1475567285&Signature=aba8JcnMNIsvusn5cc1AH4I8cQ008eaFZGnd8TibZKiiyA5CY2J9Ml7wNvwolU-v1yUuxnL5IOW2y-d1d5XJpazjtQaiB407fKHkG88uAcDl7IhUiN~v1ZGwfEfdcva7qI8bUO8XCOi0JyN3EtKwoEZhGldl7fA89pitknCbdQc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=fa-esp-setup.exe

Scan fileassassin-setup-1.06.esp.exe - Powered by Reason Core Security