» sjte4sfoblrhhymburjnxigbxm7_has.exe
Overview
Analysis
File Details
Downloads (1)

sjte4sfoblrhhymburjnxigbxm7_has.exe

Tecnolab LLC

The application sjte4sfoblrhhymburjnxigbxm7_has.exe by Tecnolab has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.reqget.me.

File name:

Publisher:

Tecnolab LLC (signed and verified)

MD5:

27c4911f20857ab1153c319b504702c7

SHA-1:

fae7ed43ccaabfbc833ea04cdaf43efc7ea0b74f

SHA-256:

42d134c6ed12099ea75aac7395ce75f932faf64fbf87e46bcc18428066828ab7

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

4/8/2025 8:44:41 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-gen [Adw]

160118-1

Dr.Web

Trojan.Fraudster.1936

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.Fourthrem

10.0.0.5366

ESET NOD32

NSIS/Fraudster.A trojan

7.0.302.0

F-Secure

Riskware.Application.Bundler.Fourthrem

5.15.21

Kaspersky

not-a-virus:AdWare.Win32.Fourthrem

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.213.4067.0

Norman

Application.Bundler.Fourthrem.B

11.01.2016 17:30:26

File size:

40.4 KB (41,400 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\sjte4sfoblrhhymburjnxigbxm7_has.exe

Digital Signature

Signed by:

Tecnolab LLC

Authority:

GoDaddy.com, Inc.

Valid from:

10/6/2015 5:43:47 PM

Valid to:

5/12/2016 6:43:30 PM

Subject:

CN=Tecnolab LLC, O=Tecnolab LLC, L=Lewes, S=Delaware, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

618D731DB99C586E

File PE Metadata

Compilation timestamp:

12/5/2009 8:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:41cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJ/l2bI/6jGHEUr7:WQpQ5EP0ijnRTXJ/Qbdw7

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file sjte4sfoblrhhymburjnxigbxm7_has.exe has been seen being distributed by the following URL.

http://www.reqget.me/.../310714_mb.exe

Remove sjte4sfoblrhhymburjnxigbxm7_has.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.