softinfo.exe

Software Informer

Informer Technologies, Inc.

The executable softinfo.exe has been detected as malware by 8 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler named SoftwareInformerService triggered to execute each time a user logs in. While running, it connects to the Internet address giveawayoftheday.com on port 443.
Publisher:
Informer Technologies, Inc.

Product:
Software Informer

Version:
1.4.1273.0

MD5:
8d3ac861f8d3ce262f30f432d6ff7d77

SHA-1:
8c997ec8dc206ada415e76ad0a9234a5ec713324

SHA-256:
84e9947f77460887443c3b7921566688c39189e606a9564810ab463a93cfec6b

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/25/2024 4:55:29 AM UTC

Scan engine           Detection                   Engine version
AhnLab V3 Security    Win32/Virut.F               2015.06.01
Avira AntiVirus       W32/Virut.Gen               8.3.1.6
Fortinet FortiGate    W32/FakeAV.RQ!tr            7/14/2015
G Data                Win32.Virtob.Gen.12         15.7.25
IKARUS anti.virus     Virus.Win32.Virut           t3scan.1.9.2.0
Panda Antivirus       W32/Sality.AO               15.07.14.02
Rising Antivirus      PE:Win32.Virut.cx!1553679   23.00.65.15712
Vba32 AntiVirus       Virus.Virut.14              3.12.26.4

File size:
1.2 MB (1,210,880 bytes)

Product version:
1.4.1273.0

Copyright:
Copyright (c) Informer Technologies, Inc., 2007-2015

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\software informer\softinfo.exe

File PE Metadata
Compilation timestamp:
3/30/2015 6:07:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:P1KV9kZPU4M4W1nNn5GrvQw5YT+rudN6kgND3ltG5:HZPJM4GnZTguSpNTltG5

Entry address:
0xC675B

Entry point:
E8, 31, 04, 00, 00, E9, 49, FE, FF, FF, CC, FF, 25, 48, 96, 4D, 00, FF, 25, 44, 96, 4D, 00, FF, 25, 40, 96, 4D, 00, FF, 25, 3C, 96, 4D, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 4D, F0, 33, CD, E8, 38, F8, FF, FF, E9, DD, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 50, D0, 50, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00...

Entropy:
6.3625

Code size:
862.5 KB (883,200 bytes)

Scheduled Task
Task name:
SoftwareInformerService

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to d3.16.e443.ip4.static.sl-reverse.com  (67.228.22.211:80)

TCP (HTTP):
Connects to 2b.28.24ae.ip4.static.sl-reverse.com  (174.36.40.43:80)

TCP (HTTP SSL):
Connects to giveawayoftheday.com  (204.155.149.200:443)

TCP (HTTP):
Connects to mailerdaemon.software.informer.com  (208.43.5.68:80)

TCP (HTTP):
Connects to d2.16.e443.ip4.static.sl-reverse.com  (67.228.22.210:80)

TCP (HTTP):
Connects to 45.05.2bd0.ip4.static.sl-reverse.com  (208.43.5.69:80)

TCP (HTTP):
Connects to 23.01.c0ad.ip4.static.sl-reverse.com  (173.192.1.35:80)

TCP (HTTP):
Connects to 28.01.c0ad.ip4.static.sl-reverse.com  (173.192.1.40:80)

Remove softinfo.exe - Powered by Reason Core Security