» javasetup-169387685.exe
Overview
Analysis
File Details
Downloads (15)
Network (1)

javasetup-169387685.exe

Safe Zone Media

The application javasetup-169387685.exe by Safe Zone Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from int2.cdn.hw.cyberfile.info and multiple other hosts.

File name:

Publisher:

Safe Zone Media (signed and verified)

MD5:

bb85ddec6c40a3a44fe58f8971f45884

SHA-1:

eb97ff933273af623a788bf1a84c8ac3be45d193

SHA-256:

1b4197efc66d656e253d2b7ee4eab7c148e7db0af39bb98f97a817d7427add2d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:36:40 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Downloader

16.9.28.17

File size:

360.2 KB (368,864 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\javasetup-169387685.exe

Digital Signature

Signed by:

Safe Zone Media

Authority:

GoDaddy.com, Inc.

Valid from:

3/8/2016 11:13:39 PM

Valid to:

3/8/2017 11:13:39 PM

Subject:

CN=Safe Zone Media, O=Safe Zone Media, L=SAN FRANCISCO, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

55CDA6095D7CB6A9

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.0

CTPH (ssdeep):

6144:U0F8thpVs2Sp9u1+M7xfGglHeQYG0/RLRGwRTZGJCSCdaP7RzTc90L229aeqPejT:nuth5G1MxHe7LdDC7RPs0C292ennOIEM

Entry address:

0x21D60

Entry point:

C6, 05, F0, 21, 42, 00, 00, B9, 00, B0, 45, 00, BA, 04, B0, 45, 00, B8, 20, 0D, 45, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 00, 0D, 45, 00, E8, 96, BC, FE, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

131.4 KB (134,560 bytes)

The file javasetup-169387685.exe has been seen being distributed by the following 15 URLs.

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=176037945&filename=FlashVideoPlayer.exe&cb=298237855&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=179557985&filename=FlashVideoPlayer.exe&cb=848360823&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=180737365&filename=FlashVideoPlayer.exe&cb=-1936584929&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=181748429&filename=JavaSetup.exe&cb=-1961383480&usefilename=true&executableroutePath=1204273&stub=true

http://intva2.cyberfile.info/dl?bc=1204275&c=1160&filename=JavaSetup.exe&p_tid=f21a9328760447d59cdacf88b5a5f68b&source=3&productKey=vaieo7n2giugioxyothg34ymc5luymzp&zTmp=1

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=176568017&filename=JavaSetup.exe&cb=1986357986&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=177855853&filename=JavaSetup.exe&cb=421806348&usefilename=true&executableroutePath=1204273&stub=true

http://intva2.cyberfile.info/dl?bc=1204275&c=1160&filename=JavaSetup.exe&p_tid=c266ee4621654790947da1b5f5bbd77c&source=3&productKey=vaieo7n2giugioxyothg34ymc5luymzp&zTmp=1

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=180374353&filename=FlashVideoPlayer.exe&cb=-1209197399&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=177541661&filename=FlashVideoPlayer.exe&cb=1005712337&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=182445249&filename=JavaSetup.exe&cb=790653340&usefilename=true&executableroutePath=1204273&stub=true

http://intva2.cyberfile.info/dl?bc=1204275&c=1160&filename=JavaSetup.exe&p_tid=835fe9794149480e8b44ee8e29f11838&source=3&productKey=vaieo7n2giugioxyothg34ymc5luymzp&zTmp=1

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=181670331&filename=JavaSetup.exe&cb=806043635&usefilename=true&executableroutePath=1204273&stub=true

http://int2.cdn.hw.cyberfile.info/dl-pure/1204275/.../?bc=1204275&checksum=176596703&filename=FlashVideoPlayer.exe&cb=1217136526&usefilename=true&executableroutePath=1204273&stub=true

http://intva2.cyberfile.info/dl?bc=1204275&c=1160&filename=JavaSetup.exe&p_tid=10cb57c2b0a54836998826482ab49f9a&source=3&productKey=dda6zysfthlcmtt5e5yr2zi253gvmx2u&zTmp=1

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ec2-52-7-18-232.compute-1.amazonaws.com (52.7.18.232:80)

Remove javasetup-169387685.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.