ir053.exe

Christian Kindahl

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.fosshub.com and multiple other hosts.
Publisher:
Christian Kindahl  (signed and verified)

MD5:
55b8e85efd9731d7b9d5f5f7e4de5a2d

SHA-1:
2619026e3e9c94b61ebffcacc8c239d8df430cfc

SHA-256:
8cee83f7f489a6aef4218a953b87b1c22d6a93c966e79275c8cb2abe830d0731

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/23/2024 7:44:16 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
TROJ_GEN.F47V0528
7.2.365

File size:
4 MB (4,151,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ir053.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
2/28/2011 12:00:00 AM

Valid to:
2/28/2016 11:59:59 PM

Subject:
CN=Christian Kindahl, O=Christian Kindahl, STREET=Lotta Svärdsgatan 4 A, L=Göteborg, S=Västra Götaland, PostalCode=41504, C=SE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00B1F4A9019F0E490A34743EF8FEB1A228

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:JIDOnV75mVi5pEEPjKSJyhyNoDLR9iQECM+z4NN6AI/4dCHgs/oCXulTxiV/M0sm:dnzmVi5WbSJyhLD7itCVZr9gk4gU0J

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9958

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file ir053.exe has been seen being distributed by the following 50 URLs.

https://download.fosshub.com/Protected/expiretime=1462271330;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/9de80be0da2b6044b4b9de5095b8b137f706218d13618d223e5d39bea08bf682/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1486421874;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/1a4b9f1da762616a8798c49dd6ec56bf9722c6d0b9f849c0f978e97ad39f4547/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1484791179;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/ef12de8ed97d8242152b39f9fcfb1faec8cbd71189a8539ea998136b39714fdc/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1466976536;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/df5beda3f38247949c326eeaab8346e9c7f5303db9d0d82e489d9f932d26cafe/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1483648045;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/ecb911f5fda8f60305d421d69db152d168c195760e1e73b584d2a89fc15cd63d/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1487094741;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/24a5722286951dfe533afecaf31073d53693ad9cfdb97a69225fa495b2700938/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1485112700;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/ad21759003626e00af0492e941294b87853dc05454d1eee08709f4d5aad99295/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1483780823;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/46db2c9b4bc6ec1798c502f5ad4d58af722d6e06184cce047124ef91b1093baa/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1484940071;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/4a04f1bf61d7bee4d65f5942ba4851e8a9c4d1ae8263a0559f8a7b51f93d8037/.../ir053.exe

http://download.fosshub.com/Protected/expiretime=1436539197;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/785a2e9942fe4ce57557d18e9b30599e11ea1c8a1ac680775aba2a408fbcd3a9/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1473730530;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/b3587853687a836ef8e9c09e33d9ba2be389e94ffef98ee5b874af8270b80902/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1482212208;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/3484240baed7f62e6d932b8b5dd43de770add1ab9694fbf9862e726116c5129e/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1482967214;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/5ff8647dbe5faaf1d82d8c51ba9d3e33e180309811bb05baf90b85cbb0cbe613/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1486986067;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/47e58cf6698d00289a3de8b980a5b2b351ee74b66bddadd9b685adc4a29c5025/.../ir053.exe

http://totalsoft.org/go.php?site=http://files.totalsoft.org/I/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1471827837;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/23fd714d340ce2c7f87ce244c27aac915901471701f2509aa2d32f770b7d5869/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1487277973;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/1a2affbec51de8497361a01e7a9a15e05c61a7649f0c0135f6b1bb65b562905e/.../ir053.exe

http://lb.cdn.m6web.fr/d/c/a/8293d35637d04a321091a9c81a15d8ff/5867e44a/soft/.../infrarecorder_infrarecorder_0.53_francais_32014.exe

https://download.fosshub.com/Protected/expiretime=1475724426;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/ec66a0a60f5b87d8111754047aec14478d3e0e3b17ffd808c4cf4914e2566aa6/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1478578995;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/2e3bdf0f6fee4edc60fb7ea6cc7e24e9fa5ddd018b9441b133770c795b135542/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1482537900;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/fcd19730c5a5dfe85ed3c7fa4d8093ee69763e6a03880de3ec8fce447d248894/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1455960284;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/61ac3c289ed5c569321ffb2fc7ea6e3e5890564e5ef2f39e944322fe12d0e51d/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1481047382;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/6d4681f51c2540740f670fd029871e4ea90f5bb3ebceabd595165a9fc5dae0f9/.../ir053.exe

https://netix.dl.sourceforge.net/project/infrarecorder/InfraRecorder/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1461857420;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/d1eb81de2d29cad5c2fd70e67b892ecc9797759b635c7bf5fb47028a3e63cbbf/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1483215596;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/69e5054354337ea63657f7600e0633beffb4c3a907b7ce2a46e888797cedc6ca/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1474404017;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/e49bbf0152ba623e28b592c25821ea535406c7109826c34c80a5091ac78eb5a3/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1455986491;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/7a6c2c8187c9d662c8fa76f18f2f8bccfcad42d24d73bbf5b7bd2037f35d9ad2/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1483306411;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/0b0893a8e2f41ca5e55ce502bdb13d08e2945f9ce5ea79d4f52b18225d8c1df6/.../ir053.exe

https://download.fosshub.com/Protected/expiretime=1485550005;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9JbmZyYVJlY29yZGVyLmh0bWw=/ad83308ef8bd6bfce7987ba6a104d8dd7c5609ae01cc4b4873561b4b8ec6d87c/.../ir053.exe

Latest 30 of 560 download URLs

Scan ir053.exe - Powered by Reason Core Security