» sai russian pack v1.exe
Overview
Analysis
File Details
Downloads (26)

sai russian pack v1.exe

Tohekat

SpeedyPrompt (New Media Holdings Ltd)

The application sai russian pack v1.exe, “Tohekat Setup ” by SpeedyPrompt (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.newtourshare.com and multiple other hosts.

File name:

Publisher:

Kup (signed by SpeedyPrompt (New Media Holdings Ltd))

Product:

Tohekat

Description:

Tohekat Setup

Version:

4.8.4.0

MD5:

c9404ec254d84df6f5b3ab84d2a196e5

SHA-1:

499a3a5f889e49b218b6bb60aba22347ef12149b

SHA-256:

09d0c16cce13b8a4c08c8670a00dc7672554977dd623ee480769043d0c13b00c

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

12/26/2024 8:16:31 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.NewMedia.NMH.Bundler (M)

16.3.16.17

File size:

951.1 KB (973,912 bytes)

Product version:

4.2

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\users\{user}\downloads\sai russian pack v1.exe

Digital Signature

Signed by:

SpeedyPrompt (New Media Holdings Ltd)

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 4:27:56 PM

Valid to:

6/1/2016 6:18:59 PM

Subject:

CN=SpeedyPrompt (New Media Holdings Ltd), O=SpeedyPrompt (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217859832E1C02CFE81458CC264243B14E

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:Y7MtbV/r2oxmgWeLEYb2VxnJ+cCkCMm4xQuM:YwX/r2YmHIMxY34xQD

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file sai russian pack v1.exe has been seen being distributed by the following 26 URLs.

http://www.newtourshare.com/w9YqFOyosEzfO24vIgEIDmkjfXgim8KIbHE6eqL3r8uJLFHtZIHFb614N_msFgf3jVrK5HyEFGCxZYK3mjUIzpy5GNUMsu9zRCGwFvFs5znzsVqMYxCp7WNcLQxIH3ajWL_AGWCTyL71E2dELpJLBxOJvtnKb84ojhCJKSCMGHlqer6Ij7uqQDk_R9_tvEBj6JdJpI_0YrHNWiYqbm5QmYPGNX3Wz1XesBAy0QRsJwzyBcqhZLFcX1uANC1_cseq0n7BHFbAS8XyAYAK4dJxGh4xKJrA3bj6UWHQjqXyVWQuE8YzSP5skoAPla1QdBja2rBMh4nm1pr4bq4VvYK3aJkn1OSKWOChqf rNpXWxnQ7b_rsFfg=-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.newtourshare.com/qF3fhnYZVCcDUwWemQYpymh9iHeiyYhGAqOnuAGb8WT_TV_l7vrAoxFx7hnBnEzg5UfvLv28AEiHvroeygvQY1nOX9_Mz2oimHypRnsJzAn00aFCLP4kCjy qPgAcB3Qrskh2YvrXPv3kWo0OxxmdW T1SYXtpHe5c8OlVXHERN7Pm6Nluq0hqScHaU4cmKWNaVWHSw_MfTclWerL_3WSjrh8Kl5pz0hmpUzAGnKlGGS2Cw0cTkZASmLx_DdIxsTLMk8O6Kx6uxRnDbf1SkfytQ95k0rIQjLuJGDNCok3B8X7EzdLq_GuL1FFuSu3J_EFEDj7vD319qruuRqFatC8oX4O3m slMy m8BCx4_N0SPSM5usac=-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.newtourshare.com/TxghqceugvK85ZtISOGPR_Gg1QdJql3YvNsEXGm_SSeJBbbOJEL0QelCeLvjRjNHsXDnajFUZbu2K560HmubwvCxI5NMWlY_G8vRE3MWOtMIVe4qDAJtUMqkmTo8q2zJN6Maj0apoeVvgsltMhMKaFl8_xaSz1Wd3o_eMG30ceSdYYbu 1iVk_cWOFYXRSjojLSmppy3DNTg3ynfABGJ4Q15XhxiKi uKltjQiMitX5Ha8XAspsRxPLSXNjqfK0oFRtx PN8J vqFKammZ_vi0MT1it9aik_XQx5HqFN sXRYHQ4Bx4q2pEGOdlmNZ sJo9kdRQplXkuyd11Dc9m1QQPqvIRdsjhpdccPxShCr1_iOeRE18=-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.newtourshare.com/Bocw41K4nCQfDoWWo7e GQ5rvEabc8j V9CR2h guNhsqpNugmJlM1V1eEy78YTRfbu8HZkGOypqVU61Wu8zhYCIC6uaZRfvGWEvC0IIaHwpxD5M7GkKmVDo5w2I42lkk4xFmnLSO72DdJHIhmK6_GlA8BOiUvyU58o4yjS9yKEMFF9d85LH5MbehZEeWp0h4YwcwVjU475SdPLDb9S0J4sRJDEvs43NxxPgRH0oKzjIJsqH5nfsYLk4tqzmHFBOH5era5iqjHY3JGxme3AbMKQgjLlnXWn34SfrMhp2p4ERGjwR2r0MwDb3RxAOJ9Z1eouEYr2wOgYYERcj0 vZxrlVtkWXEttxoRtxDa0veYhU8dTF8dM=-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.newtourshare.com/c?x=RHqDCdvP4Pl/72OKEd3Vy0ovo00KodpAE7p19i1UwF8=&c=7rlspo3OVW 9PJOCWw0CVK9YfP8HJbFmW0KdoKCyjNmPfbziIUOmxAsanc wKGWwrWam7fORoi4Ii2ilt6MXYKxB0usRcz3dmpSmide/PUi5YhDeZyw2HQxBWmJdUUVQ&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/6eauUe7zcx9EktPXNh1d5_p2YqU3p5BKOV5ujY7KQFZo9LbLhZJpnOruN8WhI02pA6aigWiXR9tnN7a_lznJFt48EiXvmMcDA6rAyV37Ssb8tTeBoUi4_eXts1fSSPS7KA2UWpvs4G3lT5zDikmWfKtNaCkq IK3GlULcOl24qFQJ uAqLpBwJVRx8iD0TcJwPk4E7iYjW7c2660Iq4zNt_zC3vRpSvOH9uW6glBHAphSvP mLrTvFHtDpmSuKCrlAqcxSex5YTU0tbR8qVuIHDPKabNB2NfzUABl4JCMbWI2BCGfPDmKGqy0qo6aSxDTdVBflb6O5K1B_ceKfLHmRJ9RCwDfDTKc0c2eFsU1dHTb_RNr5Y=-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.newtourshare.com/Y4 sqsLqJztDVq7Bnxzs0CdXrGDk1uPdmzOTXoT9VADjfBNg6lIta8THo1CtIvj8_icp1kpac_rlyHfOycqNxf6gS1eX6A_2L B9StAhsRv3ABlJgE2Ok03u97qhv0E0MzXV2Js2LyLDXctNGIoHdR_1GhJ9j4POhTnsbk6kWp8G5w8nGFurvB5XgVA1pFyBR04OEpX559Dkof222C8AVZTyJkh_rnKAqCO86zQVstVvk5COnMP7juVGEQBvg UqAgMKzsDv3IzyDSJ_zjmSY9 Vwmf9GC TxlQnRxYJ69TE1ld1pZ61R6_8U9UFYM b54ArE0s5ZJI6XHO2HDEgDuD uPw73nCbpRkIWB1Vh6vVDFCvInQ=-Gx4AAAQccmiptINUUAtSyCa66I3zQN4Y WRVY5yNThw=

http://www.newtourshare.com/c?x=0M3NVQrdrFNLDQ5jodDxHS65RfrMAI8NUfSDstkvbuc=&c=XFFPAIaYqtjLeGXbjvWOYaT7sLfyHvnlpBzznl0r IE5KlovIETPW5FHbBt0vvVpu/0s5a4cxT4g/uoms4yR0a0lcEmLwCHQCF2m/o1V2X iMuqVK3TwAO9W/6O87T z&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=EhyPNVYbkVCto936oqMwH4j7dj2jcqY20dbK2ob6NPA=&c=VeUfJVOYKNn8/KWK5pI0MMke ZNR8i8Czvo1e0JIfpSKjo4srgiAWVrm3bmf99/mDFy7ZZlLckNazNqno3tDLEYwCBtMw2hVfe/tfgo29XAhXHWrViavegwIVApF1WlO&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=qFojgNGEbeX3a78tznHQUThDPY2qbTqBWHvsqNAcABo=&c=Th8ZULB0R41Hs/tTGlk2fLDOlwrvKh8Ek8FvXXMq/rjDcR3muXIJ1h2 jqZH8TzpsRwtbncaQS2Egt54LVb8yBNWM Nh4OkKKxQotXYVScYTj8f2w8XDVKgQ4lepdYZ2&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x= 3CJjYPLaUxImj/12dmuHd3ENi d5nFoe4fx3oBvXaQ=&c=S6BGmAsaJZIFOuekP LXnzGtAm20xHJxZd14lOuzn0RsXhWCP/PPYeL9bQtCzHEGfk2juPCu8Ck6txf0lW0HVuIyGcQDPiP2BOQ F1gFk0rginZ3bMsdklGU2HQBAhcB&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=lqpIRV77TqOfWJviZF5p7zrE65YBDYQZ0a/wnuFLQVc=&c=YXoIKcW4sOLZT beJpxLVuOffr /PG3y60WmMb3BjFhsEY9rzr1Rul/fBYfFGQuc2JMo/791z6s/dh4GZqigvAwMh7gqJxa f/7dNZzNeW4eh5uiR4p5A271vLMm8Vg2&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=i8PA33WvhHrDgc6l78wl65Ao/1LYB WaOF8YDNPfbb4=&c=kNJXeucq/cv8s9PvB9g9qhAorVhQTpBhBpdENeYaiuzzhDTY9Ev SMH8m3x5LfXDPaA7037jAclyaloxXQb1QCPw1X49 m6F3nRIJlxG vmtF04nEp044fLauVrvLiH6&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=MyPvIeidxaD9xI5Hlzl7h5ZVhYm/HNM Qgs9RcGGvWg=&c=znt7mjgIxaO7s zP9NEqaqG6H6PsJgSst1GiIPr15xtLCERZiN2NW1rgXbFTzifCJTHMm52HaoDWIjTp4fqivsz9/IOlKcfeYDrQzcBB4Zqa0dKIS4TK4RNGpCBsNk W&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=HUylbxYg Mdo /WTB8b1JB3g2F1q6Un/xcssFliIC I=&c=AqQiW7WX8sk28LF/41cZ4iFFqNpSw6Zwphvhk7Q21KVXkCxXZLOzz6JjqT3E5pchlFTge6k/Upm6I1XeqowWDuEivcqp238Jb8drUIPJ933VGJ7qo6JfQmwhc5YIDttU&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=d1thgyfhQ1NdLI//KV3pF3kOXjU3yP1JUzS7bDPMeMQ=&c=vTryrJZoH9KABiB HYnzI60mAKXRF1l27niDlBHJ06PHGKoTFvVYjI7SJsIDgEZzsaYCNqYNuM dXdo8GWKt9ensK8SQztpREEq7nXEz5/RFqFL6qkRP nZ80if502Z9&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=c3hPZKzrqdHlmNdXQp8CXNuLfi8JIvTFBzunaxeHF98=&c=OT9S8Y8fX0nmknTMpSMllN/cieqq14/kUSgg85O ZaHhks85U3y3q dwjXvsdkb8pBxEb5voSUUwKrAo8X 0rsIriDscH /FO8ziLswpALBNHCpi02JW IArgshPCARg&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=8d3wu2h3Zc2cwX EwvUPxvhkG/SU4PV8AkoCa9ksyRw=&c=TOss v602nQNUpPp/mTF4bdgsHD5aSfCbjsQmnAMsxIiVotFfwcCSY149OUrnAW0T1IciGQJDEGVCejlg3YaoiE/qS3s/6idSt7Tc6qkBw vsXrdPl rDN7Y3uQq7fbU&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=DCRSxEq3womUkgpsB0ckifRLbCSbaTmYBmXx316JH/Y=&c=e4 EBcbNksXNV1GXY u8pTckz3HR8iLWdlHw4yBbHtfnDrTFrHqJ7JqnayDifVfTQup7j9wFqAoEgYzydRa6cV/E5uTAnSYriUcSa DAZj0VVTTUB1w/piQhf4UCQBNn&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.newtourshare.com/c?x=AyFURZWMAlwhI1g8XBO5 AWdHkrUdnqoNjgbXp5pKp0=&c=yyrjjLPR2lh2GSyUM4iXzY4TAOEB3Afi2V50MHgu1bZ8B3QQBj7oLgRk5lYuFr49nwWbWLL9PMBBFwFG7rW02serybqPZDb7z0THllA6xmhV2wg2BOjqwBph620Y4jBJ&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://cdn.zayatsdelivery.com/c?x=Y61AvYKv8Evhv96zztRcQAWJOOSnbYOW/ukjce9D7fA=&c=xunB4XtR2brYJrxQS0gyiaFkiaA TTu2v8vg2wAlL ofac4FhSQZX628A6Vbepoo9yIndSogRW3JtATg7nC Qgg52SQB8kXTYl2qJMJ77tvrvf0MWDLK QIYLdUVCT1&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.bitsuniversepackage.com/c?x=g0JNFQDa2TRco9 La3ugOrcGza iJaFjcKMg5zUMSys=&c=DmWF/10hshFuJxM9s/y2iumL8DMyNKS2IVjDKhfcSqi349Y4B5WGIOpATRw 0UlCk9gN8 vKc8lUulamb1Fuc6qoif0iqFSuVSMmDmQ lOOAfk5QEkmXanxpFHkNIed2&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://cdn.zayatsdelivery.com/c?x=7 OL0wpFlJBXJkbB9gxjnBVFEEKDDxlTjF1VfaOs1ls=&c=9l3XTnbetU/yfIAG61zCQ3w2WglR w aWuJlW LPXDOt1UwOLQCxAHxc4dznqsf6p9dyUhh0ll/BpacN/J1GZEW1rtpjxQrAnMrOClpRktoBX1lNqk9jUjI82VTKcp2y&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://cdn.zayatsdelivery.com/c?x=EIBivU9zbRcJ8B97FSn21T40Vt7ak95p4qorFnQLrwQ=&c=lTAgQJOjbifSyW3ddVwxikjsCbzHrcsx6iUIZ6WlJd2AeV6a0/c7rXOm/V2e02pniPNAhOQQah//DFa6xz8s6uD510gxSi4ohDxG28YtpPVwKqBbFs2fOxw73uNiav2b&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://www.bitsuniversepackage.com/c?x=B5WGnR/FfQUqz7Nb0pb7Sojhw9fAE6VFef5J96xvpjE=&c=BO TTcgS3M52yjziyrxoxJmJcEDUp88KFP0vua1S7fWzvcuVsEtI72faVBZ1MFgmnZhwytIOj5OeM4KJu1lXDZ5EEzQSDours8Mca8S960iCRqk0ymUSKrqjAVa7geTi&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

http://cdn.zayatsdelivery.com/c?x=EdT2hsBnTbEvegSnZUJbn9dRdqqqCdQc32THrDYIQ7c=&c=qv2k4MJ9Z uh/BbFXGdmoO1KBerv6y2Kv2wPxOpeS5QF8ykpqX1QhfjLRUp2f/tG28E7XneTB3t3/idJ SWIhTJRG6UCEuII4AsdYP4YaWBou8dKqaH5StEZS0x2HIvo&downloadAs=SAI Russian Pack v1.exe&fallback_url=http://.../test.exe

Remove sai russian pack v1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.