fsd57e.exe

Installer

The application fsd57e.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from 45.64.22.93 and multiple other hosts.
Product:
Installer

Description:
Installer-H

Version:
1.0.0.0

MD5:
c276ab96ac551b2c97b98272deb11804

SHA-1:
e24ff8ce00ea83baf5a9e26459a2a8e64324672b

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/28/2024 2:47:39 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.145833 | 529
AhnLab V3 Security | Adware/Win32.Imali | 2015.08.24
Avira AntiVirus | TR/Dropper.MSIL.Gen | 8.3.1.6
Arcabit | Trojan.Zusy.D239A9 | 1.0.0.425
Bitdefender | Gen:Variant.Zusy.145833 | 1.0.20.1180
Clam AntiVirus | Win.Adware.Agent-59771 | 0.98/21338
Dr.Web | infected with Trojan.Crossrider1.48337 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Generic.1568399 | 11.5.0.6191
ESET NOD32 | MSIL/Adware.Imali.E application | 8.0.319.0
F-Secure | Gen:Variant.Zusy.145833 | 11.2015-24-08_2
G Data | Gen:Variant.Zusy.145833 | 15.8.25
Kaspersky | not-a-virus:AdWare.MSIL.Agent | 15.0.0.562
MicroWorld eScan | Gen:Variant.Zusy.145833 | 16.0.0.708
Norman | Gen:Variant.Zusy.145833 | 10.04.2016 15:29:17
Reason Heuristics | PUP.FinalInstaller.Installer.Meta (M) | 16.5.18.22
VIPRE Antivirus | Threat.4150696 | 46908

File size:
2.9 MB (3,028,992 bytes)

Product version:
1.0.0.0

Original file name:
FinalInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\fsd57e.exe

File PE Metadata
Compilation timestamp:
8/24/2015 12:45:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:BFKRZFUI4lMgmjjTySlH4eBjMxXRhCsR:BWslXmOaH4eZMxP

Entry address:
0x2D96EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.4378

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.8 MB (2,979,840 bytes)

The file fsd57e.exe has been seen being distributed by the following 3 URLs.

http://45.64.22.93/d22nes4susdva1.cloudfront.net/finalinstaller/.../FinalInstaller_dotnet2.exe

http://91.194.162.11/d22nes4susdva1.cloudfront.net/finalinstaller/.../FinalInstaller_dotnet2.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-1-45-42.compute-1.amazonaws.com  (52.1.45.42:80)

TCP (HTTP):
Connects to server-52-84-230-156.sfo9.r.cloudfront.net  (52.84.230.156:80)

TCP (HTTP):
Connects to server-52-84-22-72.sea32.r.cloudfront.net  (52.84.22.72:80)

TCP (HTTP):
Connects to server-54-239-132-242.sfo9.r.cloudfront.net  (54.239.132.242:80)

TCP (HTTP):
Connects to server-54-230-0-194.lhr5.r.cloudfront.net  (54.230.0.194:80)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.90:80)

TCP (HTTP):
Connects to server-54-230-95-88.fra2.r.cloudfront.net  (54.230.95.88:80)

TCP (HTTP):
Connects to server-54-230-141-97.sfo5.r.cloudfront.net  (54.230.141.97:80)

TCP (HTTP):
Connects to server-54-192-25-204.mxp4.r.cloudfront.net  (54.192.25.204:80)

TCP (HTTP SSL):
Connects to ip146-225-31-103.as131755.net  (103.31.225.146:443)

TCP (HTTP SSL):
Connects to ip126-224-31-103.as131755.net  (103.31.224.126:443)

TCP (HTTP SSL):
Connects to ec2-52-207-19-66.compute-1.amazonaws.com  (52.207.19.66:443)

TCP (HTTP SSL):
Connects to 94.31.29.54.IPYX-077437-ZYO.above.net  (94.31.29.54:443)
