sdi_x64_r524.exe

Snappy Driver Installer

www.SamLab.ws

The application sdi_x64_r524.exe by www.SamLab.ws has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address projects.sourceforge.net on port 80 using the HTTP protocol.
Publisher:
www.SamLab.ws  (signed and verified)

Product:
Snappy Driver Installer

Version:
0.3 R524

MD5:
3d3e9eb80eff69a25bfb01ce7d4f82e2

SHA-1:
05a29015efb2bc4f775d116c134f1a4a726791d6

SHA-256:
e69e93d3d137ed5a26713ac6d5d1cbef9c2dcd122b563c3b89477db48e294163

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/23/2024 3:17:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.11.21.3

File size:
1.5 MB (1,576,664 bytes)

Product version:
R524

Copyright:
GNU GPL v3

Original file name:
SDI_R524.exe

File type:
Executable application (Win64 EXE)

Language:
Arabic (Saudi Arabia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sdi_r524\sdi_x64_r524.exe

Digital Signature
Signed by:

Authority:
www.SamLab.ws

Valid from:
3/7/2013 6:04:50 PM

Valid to:
12/31/2039 6:59:59 PM

Subject:
CN=www.SamLab.ws

Issuer:
CN=www.SamLab.ws

Serial number:
0F1AFC86B8806ABD46FF618899B7F7D9

File PE Metadata
Compilation timestamp:
11/17/2016 6:26:12 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
24576:AU0a4ZtsyOrwpK+bPxZzANIJbY0rTMkBfriPw4gAZ2OSMxa9yikSmcaemMFM5qbj:ptoHbPxDJbRrQkBgrNxxaAtMa2

Entry address:
0x4FD390

Entry point:
53, 56, 57, 55, 48, 8D, 35, 8A, 5C, E8, FF, 48, 8D, BE, DB, DF, C7, FF, 48, 8D, 87, DC, BF, 4B, 00, FF, 30, C7, 00, 17, EB, 07, A8, 50, 57, B8, 78, B1, 4F, 00, 50, 48, 89, E1, 48, 89, FA, 48, 89, F7, BE, 65, A3, 17, 00, 55, 48, 89, E5, 44, 8B, 09, 49, 89, D0, 48, 89, F2, 48, 8D, 77, 02, 56, 8A, 07, FF, CA, 88, C1, 24, 07, C0, E9, 03, 48, C7, C3, 00, FD, FF, FF, 48, D3, E3, 88, C1, 48, 8D, 9C, 5C, 88, F1, FF, FF, 48, 83, E3, C0, 6A, 00, 48, 39, DC, 75, F9, 53, 48, 8D, 7B, 08, 8A, 4E, FF, FF, CA, 88, 47, 02...

Entropy:
7.9951  (probably packed)

Code size:
1.5 MB (1,556,480 bytes)

Windows Firewall Allowed Program
Name:
sdi_x64_r524.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to projects.sourceforge.net  (216.34.181.96:80)
