sdf5463.exe

Installer

Stepitapp LLC

The application sdf5463.exe by Stepitapp has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Stepitapp LLC  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
ad3695b1ee53a0646f43f4462d0ba2cb

SHA-1:
91b3305b3c4355ac5f081daee5e63f3c05d202fd

SHA-256:
cd7e6520820e83c4e57f71465b12908a5d6379c0edf6c98b983408de30efb494

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/2/2024 3:19:31 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Downloader.Agent.I potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Installer.Stepitapp.H
14.12.8.1

File size:
350.4 KB (358,832 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
FinalInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\sdf5463.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/10/2013 6:00:00 PM

Valid to:
12/11/2014 5:59:59 PM

Subject:
CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata
Compilation timestamp:
12/4/2014 3:28:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:rClMuFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VyaOLu7D:rClZZwgVxGq86oH/MKvnolgyxQD

Entry address:
0x55B4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7919

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
335 KB (343,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):

Remove sdf5463.exe - Powered by Reason Core Security