pc_faster_setup_mini_b89_1179908841.exe

Baidu PC Faster

Baidu Online Network Technology (Beijing)Co., Ltd

This is a self-extracting archive and installer. The file has been seen being downloaded from njp.app-amaker.com and multiple other hosts.

Publisher:
Baidu Inc.  (signed by Baidu Online Network Technology (Beijing)Co., Ltd)

Product:
Baidu PC Faster

Description:
Baidu PC Faster MiniSetup

Version:
4,0,0,66368

MD5:
474afd5fa79a0e127777d662f2224241

SHA-1:
9d55ca9f18322bbe7501f1941504ea6a1c8317a6

SHA-256:
9aa3087da352ced0da8855d9f8cf1ad7a21542784ed4d3a72079c25c639fb113

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 4:30:22 AM UTC  (today)

File size:
1.5 MB (1,608,736 bytes)

Product version:
4,0,0,66368

Copyright:
Copyright (C) 2012 Baidu, Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pc_faster_setup_mini_b89_1179908841.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
4/23/2012 9:00:00 PM

Valid to:
4/24/2015 8:59:59 PM

Subject:
CN="Baidu Online Network Technology (Beijing)Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Baidu Online Network Technology (Beijing)Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3BDB1994B98BBB19AB55A42337FA4F5C

File PE Metadata

Compilation timestamp:
4/21/2014 6:39:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:gjQQ0OE6+oYsuqu7rBebb/ITMVJt8YZpUi92k:D+Esuqu0bDITi39Sk

Entry address:
0xBA0CD

Entry point:
E8, 55, FE, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 6C, 2F, 54, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 1D, FF, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 54, A2, 4B, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9...
 
Code size:
1 MB (1,064,960 bytes)

The file pc_faster_setup_mini_b89_1179908841.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 322 download URLs
