sendanywheresetup.exe

Send Anywhere

Estmob Inc.

The program is a setup application built with the Inno Setup installer. The file has been seen downloaded from software.naver.com and multiple other hosts.
Publisher:
Estmob Inc.   (signed by Estmob Inc.)

Product:
Send Anywhere

Description:
Send Anywhere Setup

MD5:
c4baa26435e07e7234410828be5f9081

SHA-1:
39e16a625ea690fae56157dd2d98f585c07c7e2f

SHA-256:
4a5afaf7b7729f13bee4f7580befcb79d65454fcaa2be647f70fde4d1c90b155

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 6:39:58 AM UTC

File size:
15.8 MB (16,617,736 bytes)

Product version:
1.6.10

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\install\sendanywheresetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/14/2014 1:00:00 AM

Valid to:
8/15/2015 12:59:59 AM

Subject:
CN=Estmob Inc., O=Estmob Inc., L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4D9F2A0005B8C74F8B3E639AA7CD04D3

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:DmVOPZBHv5SsMbTdk10swpwfmg8S1bPBr2PjZ1I00:iVOPZDg+msuslTBCPN1I00

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
Entropy:
7.9999

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file sendanywheresetup.exe has been seen distributed by the following 4 URLs.

http://software.naver.com/api/.../httpDown.nhn?softwareId=GWS_000816|all|GWV_006492&key=