» smilefiles_downloader.exe
Overview
Analysis
File Details
Downloads (1)

smilefiles_downloader.exe

SmileFiles Installer

CandyMandy LLC

The application smilefiles_downloader.exe by CandyMandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from d.failsmail.com.

File name:

Publisher:

http://smile-files.com (signed by CandyMandy LLC)

Product:

SmileFiles Installer

Version:

1, 0, 624, 1

MD5:

d6dd5770bb724cfb6311c622c642deed

SHA-1:

6d9c6514a3f30f21bf15baa2461f71dfd947cb36

SHA-256:

625c4de88ec224312785450fe2a425356e5679317f72adbdfb979c11a55db0ed

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/14/2024 9:36:11 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.CandyMan.Installer (M)

16.6.17.13

File size:

3.9 MB (4,083,144 bytes)

Product version:

1.0.0.1

Original file name:

SmileFiles.exe

File type:

Executable application (Win32 EXE)

Language:

English

Common path:

C:\users\{user}\downloads\smilefiles_downloader.exe

Digital Signature

Signed by:

CandyMandy LLC

Authority:

CandyMandy LLC

Valid from:

3/25/2015 6:18:45 AM

Valid to:

3/24/2016 6:18:45 AM

Subject:

CN=CandyMandy LLC, OU=CandyMandy LLC, O=CandyMandy LLC, S=London, C=UK

Issuer:

CN=CandyMandy LLC, C=UK, S=London, L=London, E=admin@candy.com, OU=CandyMandy LLC, O=CandyMandy LLC

Serial number:

100001

File PE Metadata

Compilation timestamp:

4/3/2015 11:50:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:4dRbQymJyWOVkioADVSitskl0o4HYCDyAM8nlZb9Hjgg+P9T:4dRbbMydRkkl07rtM8nlFGVPJ

Entry address:

0x75DF0C

Entry point:

9C, C7, 04, 24, 8D, 1E, AF, D3, 54, 88, 04, 24, C7, 04, 24, EB, 2E, 52, CA, 60, C6, 44, 24, 04, F1, 60, 88, 54, 24, 04, 8D, 64, 24, 40, E9, DD, 35, 08, 00, 39, D0, E8, 5A, 84, FF, FF, E9, B5, B4, 01, 00, 60, F7, D0, E8, 8F, B2, 01, 00, EE, 88, 2A, 94, 0A, 68, C2, D9, EC, 73, 72, 32, D2, 7F, BD, FF, 65, DB, 65, DB, 4D, 6F, A5, 1B, AD, 73, B5, 2B, 85, E7, 4D, 6F, A1, 1F, A5, E7, 75, EB, 45, EC, 4E, 7E, 6E, EF, 41, 5E, 62, D4, E4, 45, DB, C4, F8, 4E, 5F, 52, B8, 3B, E5, 98, 7D, 09, A5, 1C, 8F, 2E, 1A, 03, 75... 
[+]

Entropy:

7.9937 (probably packed)

Code size:

796.5 KB (815,616 bytes)

The file smilefiles_downloader.exe has been seen being distributed by the following URL.

http://d.failsmail.com/j5HjQ3GN A80jP8IPI3neyjPoCV7pOR6JvTufyv7xyN/vpE5R6K2MkLp3nleqpAFSLWWOEaZiQ4L1cxJWYRoEFXRNFE2lHokLpt C3eMeeYvmGbpN3Q36DlpO/s e37wMXlL4xBpFM41Ml/6C3RuwAJ1VswtTlaWRgJJywl3KMNDHnGZswR5lbcEf5G7CmHl 10Kr/MzMfbydD/3qH5Rt/wvVuKXZ1y lGUOupk7EIeWakKFhVMd05ARHNL5IKef2VHgmeQT6I/.../yGbXqIka3vqEEJCY3BiUxtgcnMn1Up b9gQ2hPANMYT0XGueoSx8yOh2Ifnucg==

Remove smilefiles_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.