home

sfhelper-setup.exe

SaveFrom.net helper 0.0

Samokhvalov Mikhail Ivanovich

This is a setup and installation application. The file has been seen being downloaded from sf-helper.net and multiple other hosts.
Publisher:
SaveFrom.net   (signed by Samokhvalov Mikhail Ivanovich)

Product:
SaveFrom.net helper 0.0

Version:
0.0.0.645

MD5:
c1ba2baff619538f022abaaa388aa2e1

SHA-1:
a013cb56964b97d7f4bac46f992131073b418d33

SHA-256:
e3c0013bb68c7130a80af701a061c7f96e2ff19170323507015599eb0013dfcd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/30/2024 3:31:52 PM UTC  (today)

File size:
6.1 MB (6,373,744 bytes)

Product version:
0.0.0.645

Copyright:
All Rights reserved © 2013-2016

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\sfhelper-setup.exe

Digital Signature
Signed by:
Samokhvalov Mikhail Ivanovich

Authority:
GlobalSign nv-sa

Valid from:
4/25/2016 9:01:12 PM

Valid to:
4/26/2017 9:01:12 PM

Subject:
CN=Samokhvalov Mikhail Ivanovich, O=Samokhvalov Mikhail Ivanovich, L=Saint Petersburg, S=Saint Petersburg, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216F0FB76EA2C96134616CFB08D0F0266A

File PE Metadata
Compilation timestamp:
4/6/2016 8:09:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:rdsJMl1vER2uU7H5lQDGVzp+xVIIwHlhGMtRQ:pOMfKGz5lQGzsxVIJW7

Entry address:
0x117DC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 44, 01, 41, 00, E8, C8, 4D, FF, FF, 33, C0, 55, 68, BE, 1E, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 7A, 1E, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 0E, D5, FF, FF, E8, 5D, D0, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 23, D6, FF, FF, 33, C0, E8, 60, 2E, FF, FF, 8D, 55, EC, 33, C0, E8, A6, A0, FF, FF, 8B, 55, EC, B8, 58, 86...
 
[+]

Entropy:
7.3900

Developed / compiled with:
Microsoft Visual C++

Code size:
65 KB (66,560 bytes)

The file sfhelper-setup.exe has been seen being distributed by the following 50 URLs.

http://sf-helper.net/.../file.php?id=default&f=&country=th&ts=1468163780&s=90de9240fb9e45609777e993fedacabff17ec7e8

http://sf-helper.net/.../file.php?id=default&f=&country=tg&ts=1468181627&s=477da175323c0d249821d41d3ba53494158156a5

http://sf-helper.net/.../file.php?id=default&f=&country=sa&ts=1468183609&s=96426f960e9400724bb3fbf5b494024e9e992cd0

http://sf-helper.net/.../file.php?id=default&f=&country=br&ts=1468197587&s=c703cb6fde940beab06c23377309dcb0e48d8872

http://sf-helper.net/.../file.php?id=default&f=&country=et&ts=1468054832&s=f0b19ef3cce5d4cc332f61920bb99a00d61019ff

http://sf-helper.net/.../file.php?id=default&f=&country=id&ts=1468279533&s=d57b265b8e1f0d8522eb15736709e69d079f3dda

http://sf-helper.net/.../file.php?id=default&f=&country=in&ts=1468126131&s=55fc8c315bf73fe61be7a3e778238319fbc721bc

http://sf-helper.net/.../file.php?id=default&f=&country=br&ts=1468289880&s=e63a74bc6619689d922ffc280925bd65577855a6

http://sf-helper.net/.../file.php?id=default&f=&country=in&ts=1468295667&s=5d269e4b566d728d1b208299f8cafa121b216b74

http://sf-helper.net/.../file.php?id=default&f=&country=ng&ts=1468060368&s=1de8bcc9ff897aaf105132bbc1ad31e46a63fe6f

http://sf-helper.net/.../file.php?id=default&f=&country=mm&ts=1468059178&s=53401126354f18de1b03f07711794f18863dad0e

http://sf-helper.net/.../file.php?id=default&f=&country=in&ts=1468312813&s=7b244011af5ec2d92acdc9c58774bbfadbe01269

http://sf-helper.net/.../file.php?id=default&f=&country=it&ts=1468168173&s=1a542f137d47c4d99f2721b972f78d45ac51241c

http://sf-helper.net/.../file.php?id=default&f=&country=mx&ts=1468266082&s=dd40b06b8136541ba9e3407006afb7393fe7784e

http://sf-helper.net/.../file.php?id=default&f=&country=sa&ts=1468007759&s=f1a5050e114aab0252b0617fbb656d187e4ec873

http://sf-helper.net/.../file.php?id=default&f=&country=ro&ts=1468065943&s=6508c14efe0086748a565885f6b08700fbdc1084

http://sf-helper.net/.../file.php?id=default&f=&country=it&ts=1468146318&s=911c44e2d801ea335244970327b5ae4a1e4f5b19

http://sf-helper.net/.../file.php?id=default&f=&country=br&ts=1468095789&s=6279532a8d7ca0b3b88d22cd5589c7270147a098

http://sf-helper.net/.../file.php?id=default&f=&country=co&ts=1468078080&s=fd931e87b75d5883182e7f6bdf7134db78f44028

http://sf-helper.net/.../file.php?id=default&f=&country=gr&ts=1468138468&s=2a2766856d67692660099d1f5fc08aa25a05a380

http://sf-helper.net/.../file.php?id=default&f=&country=dz&ts=1468176321&s=b1bed3183ac886ca440144f61fead3e06a9dde39

http://sf-helper.net/.../file.php?id=default&f=&country=ec&ts=1468188615&s=278537d57053e5dc5b249816c37f45609154c395

http://sf-helper.net/.../file.php?id=default&f=&country=mx&ts=1467992258&s=9a8eb886f231cf016d78aa6f4d5a546b16d6c14b

http://sf-helper.net/.../file.php?id=default&f=&country=fr&ts=1468310459&s=281eafbe164080097bbc08de61c281cc2a985e1e

http://sf-helper.net/.../file.php?id=default&f=&country=eg&ts=1468221870&s=0955b9d9ece93e4fcd57c34ef37c9fbe5d88564e

http://sf-helper.net/.../file.php?id=default&f=&country=it&ts=1468151580&s=65a4332b00e9aeaf083411186f40b1a6310ace6a

http://sf-helper.net/.../file.php?id=default&f=&country=pt&ts=1468001107&s=ab7e16a65df64288f09fa68946ca338486a258e8

http://sf-helper.net/.../file.php?id=default&f=&country=mx&ts=1468085508&s=8bde618a72cd3026fc4367dddee3302e9ab7800a

http://sf-helper.net/.../file.php?id=default&f=&country=sa&ts=1468284018&s=f3d244b971207b93f0e361c63eefe8df9a54203e

http://sf-helper.net/.../file.php?id=default&f=&country=id&ts=1468300386&s=1d83c3eb996fe8405a2194b6dc95900d9b5e4280

Latest 30 of 318 download URLs

Scan sfhelper-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.