itoolssetup_en_3.1.8.7.exe

Shenzhen Thinksky Technology Co.,Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from ec.ccm2.net and multiple other hosts.
Publisher:
Shenzhen Thinksky Technology Co.,Ltd  (signed and verified)

MD5:
2bd6a722d4f8c2b23cbd010660e2ee00

SHA-1:
c3bc1836252ae33e7a0e7829715521c06853509a

SHA-256:
2ad30112d73454c62234e3539cd6b1f74d8e2a1bbb271c0071186d007ff923fc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 12:56:48 PM UTC  (today)

File size:
13 MB (13,663,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\itoolssetup_en_3.1.8.7.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/24/2014 12:00:00 AM

Valid to:
5/26/2016 12:59:59 AM

Subject:
CN="Shenzhen Thinksky Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Thinksky Technology Co.,Ltd", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
21650A6A34681FDC7B0FD4A210073B60

File PE Metadata
Compilation timestamp:
3/25/2015 1:24:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Y+jLhjDA1h9aLITr8eClnjba2+vSYmFa0p280S0xZswIpvEEKVHVXJ:r9ahofa2mSYmFHpVqShpvPeVXJ

Entry address:
0x3FC08

Entry point:
E8, 1D, 9B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 2C, A1, 30, 91, 46, 00, 33, C5, 89, 45, FC, 56, FF, 75, 0C, 8B, 75, 08, 8D, 4D, D4, E8, 5B, E6, FF, FF, 85, F6, 75, 21, E8, 41, 16, 00, 00, C7, 00, 16, 00, 00, 00, E8, E4, 15, 00, 00, 80, 7D, E0, 00, 74, 07, 8B, 45, DC, 83, 60, 70, FD, D9, EE, EB, 58, 8B, 45, D4, 83, B8, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, D4, 50, 0F, B6, 06, 6A, 08, 50, E8, 88, 6C, 00, 00, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 80, C8, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08...
 
[+]

Entropy:
7.9914  (probably packed)

Code size:
337 KB (345,088 bytes)

The file itoolssetup_en_3.1.8.7.exe has been seen being distributed by the following 34 URLs.

http://ec.ccm2.net/br.ccm.net/download/.../iToolsSetup_EN_3.1.8.7.exe

http://up.bav.baidu.com/?rh=3A9402BABA498A8A722455BCEF5D1697&baidusign=22212551&baidurand=1233

http://www.bulkstockupdate.com/.../vx1on3BvyQfpbfQVTGFjQGvQkvHPXgitRJ1djHYmPdj&downloadAs=TomsInstaller.exe

http://www.bestcenterdownloads.com/c?x=U0HOcmVUqECSjSc37nasAtW5tMDWWVjlow iTbn4bVc=&c=OjbVmko6TgcZXSd0bvkeAeEeDNCixEa1oxAqqCQR /zi1/ v15xqjW2G5Ku5Us6phfLZ6R3eLFWVV1IGB5zUmwz2kyIksG7n/.../7A&downloadAs=TomsInstaller.exe

http://www.filestourssigns.com/c?x=eD0XqpI9SVRionm6FpgmIFEb/.../o=&c=64LuVztIsuSTdmAp sXrqHVGEiAYEpf7Bn5y9tPfylittYfgCMGHY856TFb8RNcPDRAPjL6t0xreIZ0Zi8oF8jyamLKhek3qvn 4peS6OjjCa1d7BF3Qvv0Y2xjrUkBt&downloadAs=TomsInstaller.exe

https://dlmauq.bn1302.livefilestore.com/.../iToolsSetup_EN_3.1.8.7.exe

https://download.wetransfer.com/wetransfer-eu1/.../iToolsSetup_EN_3.1.8.7.exe

http://www.bulkstockupdate.com/c?x=DK7FQHYqJYyr5ExVsNnExDJ5i3yraeUwYu2x0ehQt3U=&c=lWp0sbsw42PbRzyLsSGaxsKZlVh4QzyF6Jq8USXP8gcPwkFaCFycKb2MnF0znYXtmnRq5Ns6AeJXozuh0Z5iz3lkEQ683b7ETAK9/.../6DPlR0Vn61zckSI89nqS04htK&downloadAs=TomsInstaller.exe

temp:iToolsSetup_EN_3.1.8.7.exe

Latest 30 of 34 download URLs

Scan itoolssetup_en_3.1.8.7.exe - Powered by Reason Core Security