msdstubsetup3_20140514.exe

The application msdstubsetup3_20140514.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The file has been observed being downloaded from d1s8azhe8rpvoz.cloudfront.net and multiple other hosts.

MD5: fea797da764bbec3268be7a9dd450365

SHA-1: 19467c0e3cb2307b3f1478650af9f376cf168eb8

SHA-256: 961da4e43a76e535c5b62e21de532158bb70ff3008b921c50bc901ff37fbea54

Scanner detections: 22 / 68

Status: Potentially unwanted

Analysis date: 12/24/2024 12:05:54 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1739906 | 780
AVG | AdInstaller.Astromenda | 2015.0.3258
Bitdefender | Trojan.GenericKD.1739906 | 1.0.20.1755
Comodo Security | UnclassifiedMalware | 19699
Emsisoft Anti-Malware | Trojan.GenericKD.1739906 | 8.14.12.17.10
F-Secure | Trojan.GenericKD.1739906 | 11.2014-17-12_4
G Data | Trojan.GenericKD.1739906 | 14.12.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.7.8.0
K7 AntiVirus | Riskware | 13.183.13584
Malwarebytes | PUP.Optional.SpeeDial.A | v2014.12.17.10
McAfee | GenericR-AVD!13C52A6077C6 | 5600.6914
MicroWorld eScan | Trojan.GenericKD.1739906 | 15.0.0.1053
NANO AntiVirus | Trojan.Win32.RKIF0710.detwmp | 0.28.2.62440
Norman | Suspicious_Gen5.ATWMA | 11.20141217
nProtect | Trojan.GenericKD.1739906 | 14.10.02.01
Panda Antivirus | Trj/Chgt.E | 14.12.17.10
Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.17.10
Rising Antivirus | PE:Trojan.Win32.Generic.171A97F0!387618800 | 23.00.65.141215
SUPERAntiSpyware | Trojan.Agent/Gen-KD | 10172
Trend Micro House Call | Suspicious_GEN.F47V0617 | 7.2.351
Trend Micro | TROJ_GEN.R0C1C0PI114 | 10.465.17
VIPRE Antivirus | Trojan.Win32.Generic | 33664

File size: 390 KB (399,360 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\msdstubsetup3_20140514.exe

File PE Metadata

Compilation timestamp: 6/19/1992 3:22:17 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 6144:UGA9HW/iB++6wfPC8/KFZJtAAIMFFQYIvB9YALh7ed/MqEg2gxmFCT4:EW/YT6wfPXCnBilvB9zhSd0dJgxmY0

Entry address: 0x5A228

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, A0, 45, 00, E8, 44, CB, FA, FF, 68, 64, A2, 45, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, 80, A2, 45, 00, B8, B0, A2, 45, 00, E8, A0, B7, FF, FF, E8, 23, A5, FA, FF, 00, 00, 00, FF, FF, FF, FF, 11, 00, 00, 00, 4F, 70, 75, 6C, 63, 2D, 30, 2C, 65, 61, 66, 60, 67, 65, 2D, 4B, 47, 00, 00, 00, FF, FF, FF, FF, 26, 00, 00, 00, 63, 78, 72, 74, 31, 2B, 53, 2C, 29, 77, 2D, 34, 2B, 52, 2C, 6B, 77, 6F, 68, 63, 68, 62, 7A, 63, 76, 72, 2B, 52, 2C, 65, 6B, 66, 2B, 53, 2C, 46, 2E, 46, 00, 00...
 

Entropy: 6.4960

Developed / compiled with: Microsoft Visual C++

Code size: 357 KB (365,568 bytes)

The file msdstubsetup3_20140514.exe has been observed being distributed from the following 2 URLs.
