scp3534.tmp.exe

SlimWare Downloader

Slimware Utilities Holdings, Inc.

The application scp3534.tmp.exe by Slimware Utilities Holdings has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from ak.ssl.imgfarm.com. While running, it connects to the Internet address server-52-84-174-176.gru50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
SlimWare Utilities, Inc.  (signed by Slimware Utilities Holdings, Inc.)

Product:
SlimWare Downloader

Version:
2.3.0

MD5:
8b420abf8e0583395402aacccf699a0e

SHA-1:
19354a99e2b84aea94a3091461c23baf71dc58e7

SHA-256:
64b9d90006624719e7b609f6db1aef792b259aa433bb25728f772a1312ab82ed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:25:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.SlimwareUtilitiesHoldings

Engine version:
15.5.27.21

File size:
200.8 KB (205,656 bytes)

Product version:
2.3.0

Copyright:
Copyright 2014 SlimWare Utilities, Inc.

Original file name:
SlimWareDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\local\temp\scp3534.tmp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/23/2015 2:00:00 AM

Valid to:
1/7/2018 1:59:59 AM

Subject:
CN="Slimware Utilities Holdings, Inc.", O="Slimware Utilities Holdings, Inc.", L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
246BBE812B36C137225497BA8DF178FA

File PE Metadata
Compilation timestamp:
5/20/2015 11:22:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:YZYmkE9tRla5nCuTPnNJPLpVwvhz15/wmJjs7UpsqX5Dy:YZ7d93lEY55j2UtX5

Entry address:
0xFCC2

Entry point:
E8, 39, 7B, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 04, 33, C0, 5D, C3, 53, 57, FF, 75, 08, E8, A3, 7C, 00, 00, 6A, 02, 8D, 78, 01, 57, E8, C2, E8, FF, FF, 8B, D8, 83, C4, 0C, 85, DB, 74, 15, FF, 75, 08, 57, 53, E8, F4, 03, 00, 00, 83, C4, 0C, 85, C0, 75, 0A, 8B, C3, EB, 02, 33, C0, 5F, 5B, 5D, C3, 33, C0, 50, 50, 50, 50, 50, E8, AC, 0F, 00, 00, CC, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, E6, 0F, 00...

Code size:
117.5 KB (120,320 bytes)

The file scp3534.tmp.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-174-176.gru50.r.cloudfront.net  (52.84.174.176:80)

TCP (HTTP):
Connects to ec2-52-5-122-159.compute-1.amazonaws.com  (52.5.122.159:80)

TCP (HTTP):
Connects to ec2-52-200-95-59.compute-1.amazonaws.com  (52.200.95.59:80)

Remove scp3534.tmp.exe - Powered by Reason Core Security