fileassassin-setup-1.06.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
51fb1297571df6454ef4ae9b94e86e81

SHA-1:
7da065f2271840ebc2d934ae3d17ce8ec098e0de

SHA-256:
829d12a736b29d03699f840616b0a8b658cd4cb29d6f3aedab53b065293fe05d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 12:13:09 PM UTC  (today)

File size:
163.1 KB (167,034 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
1/14/2007 5:26:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:PmeDmBqskJtnplsf6oIRAnNFmSoTtVNasKhjlGifQ9xWEG4qC0zd6:P8mnplOyyoTjKhjkiI9xWEfR0z8

Entry address:
0x32D4

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 70, 91, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, 10, 48, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 20, FD, 41, 00, FF, 15, 58, 71, 40, 00, 68, 94, 92, 40, 00, 68, 60, 3F, 42, 00, E8, 40, 28, 00, 00, BB, 00, B4, 42, 00, 53, 68, 00, 04, 00, 00, FF, 15, B8, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B4, 70, 40, 00, 68, 8C, 92, 40, 00, 53, E8, 2B...
 
[+]

Entropy:
7.6209

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file fileassassin-setup-1.06.exe has been discovered within the following programs.

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
CSR Harmony Wireless Software Stack  by Cambridge Silicon Radio Limited
Publisher's description - “CSR Harmony-enabled wireless platform provides a wireless solution that enables the user to easily and intelligently manage their ever-growing collection of Bluetooth, Wi-Fi and GPS devices through their PC.”
www.csr.com
About 7% of users remove it
FileASSASSIN  by Malwarebytes Corporation
Publisher's description - “FileAssassin can delete locked malware files on your system. It uses advanced techniques to unload modules, close remote handles, and terminate processes to allow the removal of the file. Simply download FileAssassin, unzip the file, and run the installer.”
www.malwarebytes.org
5% remove it
 
Powered by Should I Remove It?

The file fileassassin-setup-1.06.exe has been seen being distributed by the following 33 URLs.

https://dw.uptodown.com/dwn/rmZ-bqiUiAraRNlApXeB1IamOvKhZdLE88hbEMDiAycnBkoIOnUeZY1N5SqrNoTXfurGTA6M30varxaTpLanH3PTYr1PSx-hUi19k3lME_dFLifCilgtAVOg35kUm4OE/3zo4H9TIyctQVxOx94FnNDd89Z9f9Q5XXNeG7-te-edyMq7oFwXq1tjLenbwJOJp2D8MB_68IxmvyHsA2mug_YxbMLdyQTW-m_1RDqAsa2OUZcanWOmUREYF0vLaMmNh/1uw2aYzqHljIN0bEe8D38HJQa0e0xnDybAsi7EpzKp6el0njFdmRoCXEEJcByNgfKXmNA9eLWwPlmcrico1ZL-UGYOtIH8ioece1f4sNVcbtXcCrWyRnN4TTkkBT_uT3/.../

http://files.downloadnow-3.com/s/software/10/68/20/.../fa-setup.exe

http://sbcdn.softfiles.ru/rozu2.html?parameter=FileAssassin_Setup.exe

http://www.oldergeeks.com/.../download.php?id=244

http://gsf-cf.softonic.com/7da/065/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59459&instance=softonic_en&type=PROGRAM&Expires=1468062686&Signature=fXr4nbUa327GmEo5JjmHyODVpj6eq6guuyXsE6m8rILY2I0bPpgrGnLwVmIOzFoClYADvpEJ4gvxNYuY-WxbUsb6Fam4Vg8FTUzWoRT~eK6Vc6cXuyffxmw~ecBe~b7t6ICVnxSeiGJB0ArXIj6Fyd7niL6ryR7U6BGdKmgkFpw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=fa-setup.exe

http://gsf-cf.softonic.com/7da/065/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59459&instance=softonic_en&type=PROGRAM&Expires=1478093436&Signature=fhOG-xKcFDdP9tlr~k3mU8iPmkRBhWZqV8j0zDnw3EsTWzelGS3DKwtFXB2qUOaSqS8br4oM7ioV4AmdC~ItMTKpatcPE1O7M8LlM6Y7UguT4outaZCk7E3F16QoFjzXv1HzpzvFs1LpveavK0OTIE46cvBgf5It0LwfO1muR38_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=fa-setup.exe

http://gsf-cf.softonic.com/7da/065/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59459&instance=softonic_en&type=PROGRAM&Expires=1479797511&Signature=e8nmylrx9vI1DWyJgmVTKurTcoSdog0JUHKIezC-CuD1K8HmeWzW6yK3cyH569nSlI5x6Yi~BgX~n~5xadfb3y7fSW-YTS07VGIJ6wEiP-3vrPAna20nwb5QLTgwx2tWpcI0Vw6v49nB5ZC7G-EaP~OFov1y6seeXt~ya1Z7eV8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=fa-setup.exe

https://fileassassin.it.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANmFrgIixlXHsW75KghYmvjrVRoxWOFrb9/uiVpEIjy7MpZGawvFAbVSzSx 2XGOA6GQ6aGjXvn5ofJ9g/9RPFyIafbA55aNd8UKY/Rw/gk6nE/.../I cRe0Oi4Ab0Wbwk=

temp:fileassassin-setup-1.06.exe

http://gsf-cf.softonic.com/7da/065/.../file?SD_used=0&channel=WEB&fdh=no&id_file=59459&instance=softonic_en&type=PROGRAM&Expires=1473826279&Signature=IgFSZCEytOWxl8bAWgxwqKLwy4eiHNja9R3WT1wwF2RGd6c9sqrYhWxn5Y3mose7ZwzFGB9Z32ijHNNMzobr7xfOT~-aPwBob02~prBZFNKHE1o~BS5tat-2lzMX9qv7qGIDv7ro4HTGAYotu5OgLbeI97aeYbbf6hm-HaAvbD4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=fa-setup.exe

http://192.168.212.1:4080/.../unlock.php?dest=aHR0cDovL2Rvd25sb2Fkcy5tYWx3YXJlYnl0ZXMub3JnL2ZpbGUvZmlsZWFzc2Fzc2luLw==&user=MDFlZGEwZDYtYTMxNy0xYzQwLWE5ZmItNjZlNzg2NGYxYjdm&cookie=UFc5MVB4WG5UVDA9&ID=NTAgOQ==&host=MTkyLjE2OC4yMTIuOTYgYTI2NzAzNGY2ODEwYzU3MjZkN2Y2ZWRmZjgzZWUzNzU=

Latest 30 of 33 download URLs

Scan fileassassin-setup-1.06.exe - Powered by Reason Core Security