home

sfhelper-setup.exe

SaveFrom.net helper 2.5 expB

Samokhvalov Mikhail Ivanovich

This is a setup and installation application. The file has been seen being downloaded from sf-helper.net and multiple other hosts.
Publisher:
SaveFrom.net   (signed by Samokhvalov Mikhail Ivanovich)

Product:
SaveFrom.net helper 2.5 expB

Description:
SaveFrom.net helper 2.5

Version:
2.5.0.645

MD5:
628cfce434b78dc4bd167320ebd1427d

SHA-1:
77d6f267acf52c21fbf68597560715e10b1d0183

SHA-256:
cf18fd1900a685b34d99ecfd087cb5485c50f2259e9f40bb344113fe95a537ad

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/30/2024 3:34:33 PM UTC  (today)

File size:
7.3 MB (7,659,512 bytes)

Product version:
2.5.0.645

Copyright:
All Rights reserved © 2013-2016

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\sfhelper-setup.exe

Digital Signature
Signed by:
Samokhvalov Mikhail Ivanovich

Authority:
GlobalSign nv-sa

Valid from:
4/25/2016 6:31:12 PM

Valid to:
4/26/2017 6:31:12 PM

Subject:
CN=Samokhvalov Mikhail Ivanovich, O=Samokhvalov Mikhail Ivanovich, L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216F0FB76EA2C96134616CFB08D0F0266A

File PE Metadata
Compilation timestamp:
4/6/2016 5:39:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:NdsJMl1vER2uU7H5AlZ5rIwHlhGdtWBBq6iDkJOIssHtRA:XOMfKGz5q3rJWdtW7q6iDkJOIssg

Entry address:
0x117DC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 44, 01, 41, 00, E8, C8, 4D, FF, FF, 33, C0, 55, 68, BE, 1E, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 7A, 1E, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 0E, D5, FF, FF, E8, 5D, D0, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 23, D6, FF, FF, 33, C0, E8, 60, 2E, FF, FF, 8D, 55, EC, 33, C0, E8, A6, A0, FF, FF, 8B, 55, EC, B8, 58, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
65 KB (66,560 bytes)

The file sfhelper-setup.exe has been seen being distributed by the following 27 URLs.

http://sf-helper.net/.../file.php?id=01&f=02&country=ge&ts=1468043695&s=ac4842b9414253d7fd31b4097f12bc32d941edf0

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468262049&s=7bdd16d14252fa954112655b9c90b7bd68ef54cf

http://sf-helper.net/.../file.php?id=01&f=02&country=am&ts=1468087832&s=9a1b9410498a11a3e07b921f239d7dbd8ee5a363

http://sf-helper.net/.../file.php?id=01&f=02&country=am&ts=1468055209&s=352911b3e985eb0e308a8275e21fbbde68bca99a

http://sf-helper.net/.../file.php?id=01&f=02&country=ge&ts=1467979548&s=fc2f6edf797c885f04bbb962d72d0ce94a974836

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468005337&s=746fb3f77eda5f715fc748cb33093499eefb9c21

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1467998185&s=f91108f29ca61c366be2d33e06e7549c39a63ca3

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1468070849&s=3b63250670fcafb950162e7912fc1190565275bc

http://sf-helper.net/.../file.php?id=01&f=02&country=am&ts=1468057133&s=6ddabab444eb81605e73a1fe5454c6122ca73a9e

http://sf-helper.net/.../file.php?id=01&f=02&country=lv&ts=1468053805&s=d87cd6f777d372a4c5784d80ae13f4c056ef6067

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1468318962&s=1eb303d98a730117b51863a8fc42fb52fa6dae85

http://sf-helper.net/.../file.php?id=01&f=02&country=lt&ts=1468004125&s=392f76f2d7b6a6b830e9060027bc0ecfa315e2ea

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468262365&s=143e5f683b8991acf2bd33ddfb82cbbef22e566a

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468097784&s=9b8fa3c3cd009828d39b744032f8de4884e4341d

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468143862&s=e3f5560ac31cded93d49bc29ae011d252508ab43

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468100062&s=e36434ec58fd3b12024990e4cbea7798de0f449d

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468140498&s=aee6c0197b96a86ab7f06010492e1b8d9be47726

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1468238482&s=3f05d58d37160eb3640d5e2106b4e5fc020e9f2d

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1468238169&s=326548a4c22547629487579c708279e2deca1cbe

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468154256&s=2bca43f7e63ec0ea18fafbbf19ba7e8de521f132

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1468083300&s=666b6f100a83cb0fa80c4f9e116e7fd41d833216

http://sf-helper.net/.../file.php?id=01&f=02&country=ge&ts=1467984286&s=83d096ada8f807d4adaf8c41077614e92292b1ed

http://sf-helper.net/.../file.php?id=01&f=02&country=ge&ts=1468214717&s=624148c56c3e63d9ff2f3580630cdf3ff33ea0bc

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1468042480&s=f549c32cff1597343f05a96cc3d59cba3c6f9840

http://sf-helper.net/.../file.php?id=01&f=02&country=lt&ts=1468264328&s=cbc1c6ebc156334bf873c88745a3b63d06e598a3

http://sf-helper.net/.../file.php?id=01&f=02&country=ru&ts=1467994312&s=d44691a027d85eddd31b9cd1880d9f24b3580a74

http://sf-helper.net/.../file.php?id=01&f=02&country=ua&ts=1468136851&s=ef9c6fbd34f26ef5a5cbdd21ef0a8d4ff6f653e1

Scan sfhelper-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.