javasetup-169387685.exe

Safe Zone Media

The application javasetup-169387685.exe by Safe Zone Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from int2.cdn.hw.cyberfile.info and multiple other hosts.
Publisher:
Safe Zone Media  (signed and verified)

MD5:
bb85ddec6c40a3a44fe58f8971f45884

SHA-1:
eb97ff933273af623a788bf1a84c8ac3be45d193

SHA-256:
1b4197efc66d656e253d2b7ee4eab7c148e7db0af39bb98f97a817d7427add2d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 2:35:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Downloader

Engine version:
16.9.28.17

File size:
360.2 KB (368,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\javasetup-169387685.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 11:13:39 PM

Valid to:
3/8/2017 11:13:39 PM

Subject:
CN=Safe Zone Media, O=Safe Zone Media, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
55CDA6095D7CB6A9

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
6144:U0F8thpVs2Sp9u1+M7xfGglHeQYG0/RLRGwRTZGJCSCdaP7RzTc90L229aeqPejT:nuth5G1MxHe7LdDC7RPs0C292ennOIEM

Entry address:
0x21D60


Code size:
131.4 KB (134,560 bytes)

The file javasetup-169387685.exe has been seen being distributed by the following 15 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-7-18-232.compute-1.amazonaws.com  (52.7.18.232:80)

Remove javasetup-169387685.exe - Powered by Reason Core Security