hph_setup.exe

Bolide Software

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Bolide Software   (signed by Bolide Software)

Description:
Secure Photo Album

MD5:
81c60e6d34f2c1a57bc54154d090f897

SHA-1:
4a002b0ff8c01b45bf5e87c270767ed54107b2d2

SHA-256:
98ad137cb2385760185f48c6e53ed10e48a872b9a88c26dde8e8e1f1fb6ee510

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 5:52:16 AM UTC

File size:
2.5 MB (2,628,472 bytes)

Copyright:
(C)2007-2009 Bolide Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\hph_setup.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
11/26/2008 11:00:00 AM

Valid to:
11/27/2011 10:59:59 AM

Subject:
CN=Bolide Software, O=Bolide Software, STREET=Astrahanskaya 175/15-53, L=Tambov, S=RU, PostalCode=392005, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00F96810F00F4393236A6A11D504664EB6

File PE Metadata
Compilation timestamp:
6/20/1992 9:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:2GuhoqgQ+qtnF1/QpffKWP3I1xQC4r605oCiOn5dkCJA60A2T0:fYP7F14p1P3ub0P/Y02T

Entry address:
0x98D8

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, EE, 97, FF, FF, E8, F5, A9, FF, FF, E8, 20, CC, FF, FF, E8, 67, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 82, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 38, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 9F, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8...
 

Entropy:
7.9933

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file hph_setup.exe has been seen being distributed by the following 8 URLs.

