home

NDP451-KB2859818-Web.exe

Microsoft .NET Framework 4.5.1

Microsoft Corporation

This is a setup and installation application. The file has been seen being downloaded from thd-diy-ca.bhuat.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft .NET Framework 4.5.1

Description:
Microsoft .NET Framework 4.5.1 Setup

Version:
4.5.50938.18408

MD5:
24281f84c5521204e4454207f3becf96

SHA-1:
4cbea1e408db5b423e130931b9478972e6798431

SHA-256:
e3efceb54d9b6e94fa5797f95589784aa316118af6d82f4d18e2f98f6206867f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/16/2024 11:35:19 AM UTC  (today)

File size:
997.5 KB (1,021,432 bytes)

Product version:
4.5.50938.18408

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
NDP451-KB2859818-Web.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
1/24/2013 11:33:39 PM

Valid to:
4/25/2014 12:33:39 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
8/2/2013 2:02:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:4E25GSh/hwJdUcyezFSjamublYFbGeMuvJaG5a91WOLVCMOy1X:4EIGSh/AGexm3ubuFbGLuvynDrOE

Entry address:
0x19309

Entry point:
E8, E6, 1A, 00, 00, E9, 84, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 50, 90, 42, 00, 75, 02, F3, C3, E9, 6D, 1B, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, D0, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 66, 8B, 4D, 0C, 83, E8, 02, 3B, C2, 74, 05, 66, 39, 08, 75, F4, 66, 39, 08, 74, 02, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 57, 85, F6, 74, 07, 8B, 7D, 0C, 85, FF, 75, 15, E8, 20, 1E, 00, 00, 6A, 16, 5E, 89, 30, E8, BA, 1D, 00, 00, 8B, C6, 5F, 5E, 5D, C3...
 
[+]

Code size:
158 KB (161,792 bytes)

The file NDP451-KB2859818-Web.exe has been seen being distributed by the following 45 URLs.

http://thd-diy-ca.bhuat.com/CqDesignStartNeo/.../NDP451-KB2859818-Web.exe

q=http://bit.ly/1BDb0nh&redir_token=ti9Nq8WXlqx_dv-nRnXTP8oi0Sl8MTQ0NzkzODE5NkAxNDQ3ODUxNzk2

https://xpress.epaysol.com/ct/drivers/.../NDP451-KB2859818-Web.exe

http://180.149.99.6/data/500ef0b071ed6ef5/download.microsoft.com/download/C/B/A/CBAC7F70-872C-4725-821F-93C099A50317/enu_netfx/.../ndp451-kb2859818-web.exe

http://dl-vip.appstore.baidu.co.th/.../Microsoft .NETFramework_4.5.1.exe

https://cdn.zyto.com/.../net451installer.exe

q=http://bit.ly/1BDb0nh&redir_token=qgl8_gPbJI5A2gUBO15ptaDoBMh8MTQ0NzQ3MzgxMEAxNDQ3Mzg3NDEw

http://go.microsoft.com/.../?LinkID=321331&clcid=0x404

http://adf.ly/YlzhZXoZduHIRWwZOXi18CvOZxGg9T3Ob1mgxjvMYCWtQUuLbxWUlDjNcQmR9kzTbv2IZU0MLDmNNDvObCSR9DkOb23UdjuNb4G09ShOZBCJ8k3QLtzQQkvMM5CQ8T3LNxDEA03MOBE1Ei1N

https://mega.nz/temporary/.../04tQHQyI

http://adf.ly/MlWhZXoZduHIRWwZOXi18CvOZxGg9T3Ob1mgxjvMYCWtQUuLbxWUlDjNcQmR9kzTbv2IZU0MLDmNNDvObCSR9DkOb23UdjuNb4G09ShOZBCJ8k3QLtzQQkvMM5CQ8T3LNxDEA03MOBE1Ei1N

q=http://bit.ly/1BDb0nh&redir_token=OJ1Ct0-zWl3CEFs3Q9wGnthTMi58MTQ0ODIzMjkzM0AxNDQ4MTQ2NTMz

https://sde.bridgebank.com/ct/drivers/.../NDP451-KB2859818-Web.exe

http://www.redelevepizza.com.br/.../NET-x451-NDP451-KB2859818-WEB.exe

q=http://bit.ly/1BDb0nh&redir_token=7MoC97sxeavvDm5Ldw7H5e_iCHp8MTQ0NzQ3Mjk3MUAxNDQ3Mzg2NTcx

q=http://bit.ly/1BDb0nh&redir_token=3bvEZY3cw2VeCxTAVJ4SiGDTrLd8MTQ1MzI3MjM0NkAxNDUzMTg1OTQ2

q=http://bit.ly/1BDb0nh&redir_token=ycurXQFyaljb4DdD9bh4zzZgmDB8MTQ1MDUxMTEwMEAxNDUwNDI0NzAw

http://installs.sevas-s.com/.../net-framework-4.5.1 Final.exe&u={9517CB82-152F-4B1E-BC1A-DA5FB82EB78D}

http://dl-16.one2up.com/onetwo/content/2013/10/.../e445eae4519687bbc91a0d7003d0750e.exe

http://microsoft-net-framework4.software.informer.com/.../

q=http://bit.ly/1BDb0nh&redir_token=MUZZoI6udmQ8mwZRMQEHj2Ky5E98MTQ1NDY2MDg4MkAxNDU0NTc0NDgy

http://bit.ly/1BDb0nh

q=http://bit.ly/1BDb0nh&redir_token=Yid2Dgey1DKhXK9wKO9Gc5rsrSN8MTQ1NTEyNjE2OEAxNDU1MDM5NzY4

q=http://bit.ly/1BDb0nh&redir_token=_-nNMOwLxMl5X5xKPm_OiKm1Z3x8MTQ1NDc2MDk3NUAxNDU0Njc0NTc1

q=http://bit.ly/1BDb0nh&redir_token=imgQoNsgWvKGMQVPPaSnezAaCkZ8MTQ0NzM2MTY2NEAxNDQ3Mjc1MjY0

http://ec.ccm2.net/es.ccm.net/download/.../NDP451-KB2859818-Web-4.6.exe

http://118.175.9.20/msupdate/7/4/0/.../NDP451-KB2859818-Web.exe

temp:NDP451-KB2859818-Web.exe

q=http://bit.ly/1BDb0nh&redir_token=KpfpvnStohrUxXo9ENuZom2y5nN8MTQ1MTQ2MTQ3NkAxNDUxMzc1MDc2

q=http://bit.ly/1BDb0nh&redir_token=yot7S-kH-RtEGl4at-4QYzEOLr18MTQ0ODgwMDE5NkAxNDQ4NzEzNzk2

Latest 30 of 45 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.