fsd787d.exe

Installer

The application fsd787d.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from shooky-26-05-2015.s3-website-us-east-1.amazonaws.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Description:
Installer-H

Version:
1.0.0.0

MD5:
2183702c902d734769e949224cfd8829

SHA-1:
8d4fb305c4ad2f5a790b0b05d32483cc932c592f

SHA-256:
92126029088f32fd3fcc3f44cc783522e16df6ecf8865fecf7455f0b0fa5aac9

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
1/13/2025 7:34:22 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:PUP-gen [PUP] | 160216-0 |
| Dr.Web | Trojan.Crossrider1.50845 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Adware.Imali.E application | 8.0.319.0 |
| F-Secure | Variant.Zusy.164594 | 5.15.21 |
| Kaspersky | not-a-virus:AdWare.MSIL.Agent | 15.0.0.562 |
| Norman | Gen:Variant.Zusy.164594 | 29.02.2016 03:11:57 |

File size:
2.9 MB (3,022,143 bytes)

Product version:
1.0.0.0

Original file name:
FinalInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/24/2015 9:45:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:78KOZFUIE6kcZwzMgmjjTySlH4eBjMxXRhCsI:7OgXc+zXmOaH4eZMxP

Entry address:
0x2D9B8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.8 MB (2,980,864 bytes)

The file fsd787d.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
