home

mustang_setup_bxk_1.0.exe

Mustang Browser

RAFO TECHNOLOGY INC

The application mustang_setup_bxk_1.0.exe by RAFO TECHNOLOGY INC has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from download.rafotech.com and multiple other hosts. While running, it connects to the Internet address c5.3e.559e.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Rafotech  (signed by RAFO TECHNOLOGY INC)

Product:
Mustang Browser

Version:
1.44.46.3

MD5:
bfafad4c40f08b180ff3c381666624bc

SHA-1:
ecd92dcc65e972a3434b04e981ae28763a291e6d

SHA-256:
e0fdee392569c43bb990b0ad77ca0cfa316a87d26c1acc2e55684af527186c1f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2025 6:25:49 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Fafo.MB (M)
16.11.10.14

File size:
659.6 KB (675,416 bytes)

Product version:
1.44.46.3

Copyright:
Copyright 2015 Rafotech. All rights reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mustang_setup_bxk_1.0.exe

Digital Signature
Signed by:
RAFO TECHNOLOGY INC

Authority:
GlobalSign nv-sa

Valid from:
3/18/2015 2:50:02 AM

Valid to:
3/18/2016 2:50:02 AM

Subject:
CN=RAFO TECHNOLOGY INC, O=RAFO TECHNOLOGY INC, L=Alhambra, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130B87F4F087E63E0D3D6DC5F093C0729

File PE Metadata
Compilation timestamp:
7/15/2015 5:29:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:euGbLSEHs5Ttc8RFo3rqYJjOYot4ttmCbRx5V9zydSiezsm2KtYj1HBS6IL4oz08:SX+uCGrqgOBt4tTDaSiNKt/LumuS04d

Entry address:
0x1F546

Entry point:
E8, 3B, 93, 00, 00, E9, 7F, FE, FF, FF, E8, EE, 69, 00, 00, 85, C0, 75, 06, B8, D4, 31, 44, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, BA, 69, 00, 00, 85, C0, 75, 06, B8, D0, 31, 44, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 68, 30, 44, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
 
[+]

Code size:
201 KB (205,824 bytes)

The file mustang_setup_bxk_1.0.exe has been seen being distributed by the following 9 URLs.

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMS1145.9j.rz8vAoL-PaQQBUTLHJy&guid=1c33abb6-da4e-ef6a-81d5-55c5e6f27534

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JFC1315.47c4xKsy8O-PaPHBURsHRc&guid=bc23e740-6185-fbea-3f4d-71fe10b55c0d

http://gsf-cf.softonic.com/ecd/92d/.../Mustang_setup_dlsite.sft_1.0.exe

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.uKRxsC3y7X-PaQQBUTLHJy&guid=99781ddf-1ac9-fb68-4131-fe35f69c4b9

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=18a96358-e824-3830-7cb-4efea61b5632

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JEC1259.a.ETdT3c8A-PaQQBUTLHJy&guid=cbc9cca0-1439-24d7-c338-86f661aa8ef5

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMS1151.RtQE86KL1.-PaQQBUTLHJy&guid=3703bb54-2c05-e2d4-2bb2-ea16afe6b0b5

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JMC1259.Hw95yyyE5S-PaQQBUTLHJy&guid=d6d5a2f2-c5a5-5110-2722-65909b1f91e5

http://download.rafotech.com/.../download.php?cid=aed&s2sid=JFC1315.NfJaU46QxU-PaPHBURsHRc&guid=38a054ce-92e2-2f59-d651-5862d3914e40

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to c5.3e.559e.ip4.static.sl-reverse.com  (158.85.62.197:80)

Remove mustang_setup_bxk_1.0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.