hopper-1.2-2008-110600.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.lo4d.com and multiple other hosts.
MD5:
4c4dbfa3e810daed24fb1d2c13db904c

SHA-1:
66677c1b961ca65749d03e3e4f40f12be5095b6e

SHA-256:
89528f6cc28d8634d9236e5e327883bbdc7b4e020adc2b072bfe0b40a7f74cb4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/28/2024 12:04:10 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Trojan.Agent-21984
0.98/18155

File size:
4.8 MB (5,055,837 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\programs\hopper-1.2-2008-110600.exe

File PE Metadata
Compilation timestamp:
2/8/2008 10:25:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:dQYPTAn54I1dMJahGOdXiYjN6uBE1lwMtJzb9WP05tFSB7ODznQUapnGwaNxILC:dPO2I1dlddLjvE1K0b9G0xfn1aZGLHIu

Entry address:
0x30ED

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 58, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, E1, 2A, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 90, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 4C, 91, 40, 00, 68, 60, E3, 42, 00, E8, 98, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 86, 27, 00, 00...
 
[+]

Code size:
23 KB (23,552 bytes)

Scheduled Task
Task name:
{F128F11A-CB36-43BF-BCB4-75B312539A7E}

Trigger:
Registration (Runs on registration)


The file hopper-1.2-2008-110600.exe has been discovered within the following program.

Baidu Browser  by Baidu, Inc.
25% remove it
 
Powered by Should I Remove It?

The file hopper-1.2-2008-110600.exe has been seen being distributed by the following 5 URLs.

http://www.lo4d.com/get-file/wifi-hopper/.../

http://113.171.224.170/.../hopper-1.2.exe

Scan hopper-1.2-2008-110600.exe - Powered by Reason Core Security