myphoneexplorer_setup_1.8.6.exe

Franz Josef Wechselberger

The application myphoneexplorer_setup_1.8.6.exe by Franz Josef Wechselberger has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from app.fosshub.com and multiple other hosts. While running, it connects to the Internet address www24.world4you.com on port 80 using the HTTP protocol.
Publisher:
Franz Josef Wechselberger  (signed and verified)

MD5:
3620d0f0bc89e6c88ae1dfbe5cc2902e

SHA-1:
982cba880955552478fbc9a2e3743d7e44c053fc

SHA-256:
f2fd05f13f61ff0d8afcbc11d3941cf4260d6e081ef50480cc7c721b01d4c6c8

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:03:15 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/DownWare | 8.10686
Reason Heuristics | PUP.Installer.FranzJosefWechselberger.Z | 14.11.9.11
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.141107

File size:
7.1 MB (7,403,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\myphoneexplorer_setup_1.8.6.exe

Digital Signature
Authority:
QuoVadis Trustlink Switzerland Ltd.

Valid from:
2/27/2014 6:46:24 PM

Valid to:
2/27/2017 6:46:22 PM

Subject:
E=fj.wechselberger@gmx.at, CN=Franz Josef Wechselberger, C=AT

Issuer:
CN=QuoVadis Swiss Advanced CA, OU=Issuing Certification Authority, O=QuoVadis Trustlink Switzerland Ltd., C=CH

Serial number:
238D148E639C178910701753778E150EE0C946AC

File PE Metadata
Compilation timestamp:
12/6/2009 4:53:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:MbtzEA/oh2GMJs11PemLk3Ko03iKfAD/v3iX:MFosGP1GOk67tkv3iX

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file myphoneexplorer_setup_1.8.6.exe has been seen being distributed by the following 48 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to www24.world4you.com  (81.19.145.44:80)
