» sdf5463.exe
Overview
Analysis
File Details
Network (3)

sdf5463.exe

Installer

Stepitapp LLC

The application sdf5463.exe by Stepitapp has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.

File name:

sdf5463.exe

Publisher:

Stepitapp LLC (signed and verified)

Product:

Installer

Version:

1.0.0.0

MD5:

ad3695b1ee53a0646f43f4462d0ba2cb

SHA-1:

91b3305b3c4355ac5f081daee5e63f3c05d202fd

SHA-256:

cd7e6520820e83c4e57f71465b12908a5d6379c0edf6c98b983408de30efb494

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

11/27/2024 12:25:11 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

MSIL/Downloader.Agent.I potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.Installer.Stepitapp.H

14.12.8.1

File size:

350.4 KB (358,832 bytes)

Product version:

1.0.0.0

Original file name:

FinalInstaller_dotnet4.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\sdf5463.exe

Digital Signature

Signed by:

Stepitapp LLC

Authority:

COMODO CA Limited

Valid from:

12/10/2013 6:00:00 PM

Valid to:

12/11/2014 5:59:59 PM

Subject:

CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata

Compilation timestamp:

12/4/2014 3:28:31 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:rClMuFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VyaOLu7D:rClZZwgVxGq86oH/MKvnolgyxQD

Entry address:

0x55B4E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7919

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

335 KB (343,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

TCP (HTTP):

Connects to stats-182385724-1591972470.us-east-1.elb.amazonaws.com (54.221.252.69:80)

Remove sdf5463.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.