mustang_setup_dlsite.sft_1.44.46.6.exe

Mustang Browser

RAFO TECHNOLOGY INC

The application mustang_setup_dlsite.sft_1.44.46.6.exe by RAFO TECHNOLOGY INC has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from download.rafotech.com and multiple other hosts. While running, it connects to the Internet address c5.3e.559e.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Rafotech (signed by RAFO TECHNOLOGY INC)

Product:
Mustang Browser

Version:
1.44.46.6

MD5:
50c483c81e6e3cd001309684852a4503

SHA-1:
ab09c22b9affd19688c2a7e84e8af76e63b72806

SHA-256:
b42e3e84652a26cc96f24b6262d73f17f8111e2436dbcedaf5c10c3a18dafa66

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:38:55 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Fafo.MB (M)

Engine version:
16.11.10.14

File size:
39.3 MB (41,176,664 bytes)

Product version:
1.44.46.6

Copyright:
Copyright 2015 Rafotech. All rights reserved

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mustang_setup_dlsite.sft_1.44.46.6.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/18/2015 7:50:02 AM

Valid to:
3/18/2016 7:50:02 AM

Subject:
CN=RAFO TECHNOLOGY INC, O=RAFO TECHNOLOGY INC, L=Alhambra, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130B87F4F087E63E0D3D6DC5F093C0729

File PE Metadata
Compilation timestamp:
8/22/2015 1:32:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:oGwj03r8wGyvNGTrypMGAts6LmMWBf3aYTbIUK/dxeHigjUDdkPfM6kOeSk:ow3rlG+cyks6LmNlDwU8yhjU87k

Entry address:
0x247DF

Entry point:
E8, 2D, 76, 00, 00, E9, 7F, FE, FF, FF, E8, 27, 6B, 00, 00, 85, C0, 75, 06, B8, D4, 31, 44, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, F3, 6A, 00, 00, 85, C0, 75, 06, B8, D0, 31, 44, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 68, 30, 44, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...

Code size:
207.5 KB (212,480 bytes)

The file mustang_setup_dlsite.sft_1.44.46.6.exe has been seen being distributed by the following 4 URLs.

http://download.rafotech.com/.../download.php?cid=landpage&s2sid=BCAE54A0-4335-75B1-E139-07CC28DE2FA0&guid=c3203d0-3344-dc08-e26-9ca485802ce0&isoffline=true

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to c5.3e.559e.ip4.static.sl-reverse.com (158.85.62.197:80)

Remove mustang_setup_dlsite.sft_1.44.46.6.exe - Powered by Reason Core Security