SoftobaseUpdater_2.0.exe

Softobase Updater

IN SITE GROUP LLC

The application SoftobaseUpdater_2.0.exe by IN SITE GROUP LLC has been flagged as adware by 1 of 68 scanners; that single detection is Reason Core Security's own heuristic (PUP.INSITEGROUP.T), and no third-party engine in the pool detects the file. While running, it connects to the Internet address static.125.148.243.136.clients.your-server.de (136.243.148.125) on port 80 over plain HTTP; the full list of endpoints observed is in the network section below.
Publisher:
IN SITE GROUP LLC  (signed and verified)

Product:
Softobase Updater

Version:
1.3.0.28864

MD5:
bcdbefee78f62b02e79121406d5fdf45

SHA-1:
6a3e19615ac91cf318d7171ff5b0092c3798aafd

SHA-256:
588e4dc0b538d64d9ae0808de6dcd3c4945c5e321711cdd04f5032972726c58c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of third-party anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider it unwanted.

Analysis date:
11/23/2024 4:36:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.INSITEGROUP.T

Engine version:
14.11.21.23

File size:
51.3 KB (52,504 bytes)

Product version:
1.3.0.28864

Copyright:
Copyright © 2011-2012

Original file name:
SoftobaseUpdater_2.0.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\softobase\softobaseupdater_2.0.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/24/2013 6:00:00 AM

Valid to:
12/25/2014 5:59:59 AM

Subject:
CN=IN SITE GROUP LLC, OU=IT DEPARTMENT, O=IN SITE GROUP LLC, STREET=GAGARINA AVENUE 115, L=DNEPROPETROVSK, S=Outside United States, PostalCode=49000, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
55D394430ABD92A2E716421844EC9E5B
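The signature block above says "signed and verified", yet the signer certificate expired on 12/25/2014, ten years before the analysis date. Under Authenticode an expired signer is still accepted only when a trusted countersignature (timestamp) proves the file was signed inside the validity window; the PE compile timestamp is a plain header field, not a signing time, so it is only a hint. The following script is an added example, not code from the report or from the publisher, and takes its dates and the Subject DN from the values printed above:

```python
from datetime import datetime, timezone

# Values copied from the Digital Signature and PE Metadata sections of this report (UTC).
CERT_NOT_BEFORE = datetime(2013, 12, 24, 6, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2014, 12, 25, 5, 59, 59, tzinfo=timezone.utc)
PE_COMPILE_TIME = datetime(2014, 5, 26, 21, 2, 9, tzinfo=timezone.utc)
ANALYSIS_TIME = datetime(2024, 11, 23, 4, 36, 50, tzinfo=timezone.utc)
SUBJECT_DN = (
    "CN=IN SITE GROUP LLC, OU=IT DEPARTMENT, O=IN SITE GROUP LLC, "
    "STREET=GAGARINA AVENUE 115, L=DNEPROPETROVSK, S=Outside United States, "
    "PostalCode=49000, C=UA"
)


def parse_dn(dn: str) -> dict:
    """Split a 'KEY=value, KEY=value' distinguished name into a dict.

    Sufficient for the DN strings such reports print (no escaped commas);
    the first occurrence of a key wins, so CN is never overwritten by a later field.
    """
    fields = {}
    for part in dn.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    return fields


def in_window(t: datetime, not_before: datetime, not_after: datetime) -> bool:
    return not_before <= t <= not_after


def signature_assessment(compile_time, check_time, not_before, not_after) -> dict:
    """Relate the signer certificate's validity window to the PE build time and to 'now'.

    Authenticode rule applied: once the signing certificate has expired, Windows
    still accepts the signature only if a trusted countersignature (timestamp)
    shows the file was signed while the certificate was valid.
    """
    compile_ok = in_window(compile_time, not_before, not_after)
    expired = check_time > not_after
    return {
        "compile_time_within_validity": compile_ok,
        "cert_expired_at_check": expired,
        # With an expired certificate, "signed and verified" can only hold if a
        # countersignature timestamp inside the validity window is present.
        "needs_countersignature": expired,
        "days_since_expiry": max(0, (check_time - not_after).days),
    }


if __name__ == "__main__":
    subject = parse_dn(SUBJECT_DN)
    print(f"signer: {subject['CN']} ({subject['C']})")
    print(signature_assessment(PE_COMPILE_TIME, ANALYSIS_TIME, CERT_NOT_BEFORE, CERT_NOT_AFTER))
```

For this file the build time falls inside the window and the certificate is long expired, so the "verified" status depends entirely on a countersignature the report does not show; on a live host, `Get-AuthenticodeSignature` (which reports the timestamper certificate) is the place to confirm it.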

File PE Metadata
Compilation timestamp:
5/26/2014 9:02:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:OIRm88NN93b7dLH0BEqAUsSA+AUI0kuebu0g8NN93b7dLH0BEqSSBuLW:OKB8lHxa94SA+A/0kuIu0g8lHxa9SSsW

Entry address:
0x81CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 48, 00, 00, 80, 10, 00, 00, 00, 60, 00, 00, 80, 18, 00, 00, 00, 78, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
24.5 KB (25,088 bytes)
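The entry point bytes above begin with FF 25 00 20 40 00, which is `jmp dword ptr [0x00402000]`: the native stub that 32-bit managed executables built by the Microsoft .NET compilers use to enter the CLR through the import address table at the start of .text (RVA 0x2000, holding mscoree!_CorExeMain). That is consistent with ".NET CLR dependent: Yes" and linker 8.0. The script below is an added example, not code from the report; it assumes an ImageBase of 0x00400000, which the report does not print but which is the default for a 32-bit EXE and the value that makes the operand line up with RVA 0x2000:

```python
import struct

# The first bytes of the entry point exactly as this report lists them.
ENTRY_BYTES_HEX = "FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00"
ENTRY_RVA = 0x81CE  # "Entry address" from the report
# Assumption: the report does not print ImageBase; 0x00400000 is the default for a
# 32-bit EXE and is what makes the stub's operand resolve to RVA 0x2000.
ASSUMED_IMAGE_BASE = 0x00400000
# In assemblies produced by the Microsoft .NET compilers, .text starts at RVA 0x2000
# and its first 8 bytes are the import address table holding mscoree!_CorExeMain
# (EXE) or _CorDllMain (DLL). The native entry point is a single jmp through it.
CLR_IAT_RVA = 0x2000


def parse_hex_list(text: str) -> bytes:
    """Turn 'FF, 25, 00' style report output into bytes."""
    return bytes(int(tok.strip(), 16) for tok in text.split(",") if tok.strip())


def decode_entry_stub(code: bytes, image_base: int):
    """Decode 'FF 25 imm32' (jmp dword ptr [imm32]) at the entry point.

    Returns the absolute address of the pointer slot and its RVA under the
    given image base, or None when the entry point is not that instruction.
    """
    if len(code) < 6 or code[0] != 0xFF or code[1] != 0x25:
        return None
    slot_va = struct.unpack_from("<I", code, 2)[0]
    return {"slot_va": slot_va, "slot_rva": slot_va - image_base}


def is_clr_entry_stub(code: bytes, image_base: int) -> bool:
    """True when the entry point is the canonical managed-EXE stub: a jmp through the IAT at RVA 0x2000."""
    decoded = decode_entry_stub(code, image_base)
    return decoded is not None and decoded["slot_rva"] == CLR_IAT_RVA


if __name__ == "__main__":
    code = parse_hex_list(ENTRY_BYTES_HEX)
    print(f"entry point at RVA {ENTRY_RVA:#x}: {decode_entry_stub(code, ASSUMED_IMAGE_BASE)}")
    print("canonical CLR stub:", is_clr_entry_stub(code, ASSUMED_IMAGE_BASE))
```

The practical use of this check is the negative case: a file that declares a CLR dependency but whose entry point is not this stub has native code running before the runtime starts (a packer or a custom loader), which is where a second look belongs.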

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.125.148.243.136.clients.your-server.de  (136.243.148.125:80)

TCP (HTTP):
Connects to b-internet.212.20.18.90.nsk.rt.ru  (212.20.18.90:80)

TCP (HTTP SSL):
Connects to b-internet.212.20.18.86.nsk.rt.ru  (212.20.18.86:443)

TCP (HTTP SSL):
Connects to b-internet.212.20.18.89.nsk.rt.ru  (212.20.18.89:443)

TCP (HTTP):
Connects to b-internet.212.20.18.87.nsk.rt.ru  (212.20.18.87:80)

TCP (HTTP):
Connects to b-internet.212.20.18.84.nsk.rt.ru  (212.20.18.84:80)

TCP (HTTP):
Connects to a2-16-155-24.deploy.akamaitechnologies.com  (2.16.155.24:80)
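The endpoints above are the report's network indicators. Five of them sit in one small rt.ru range (212.20.18.84 to .90, reached on both 80 and 443), while the Akamai node is a shared CDN edge whose IP alone says little about which site was fetched. The script below is an added example, not code from the report, that matches constructed proxy log lines (not taken from the report) against those indicators, folds the rt.ru hosts into the smallest covering CIDR block (an assumption that widens the match beyond the hosts actually seen) and scores the CDN hit as low confidence:

```python
import ipaddress

# Endpoints copied from the network section of this report: (destination IP, port).
IOC_ENDPOINTS = {
    ("136.243.148.125", 80),
    ("212.20.18.90", 80), ("212.20.18.86", 443), ("212.20.18.89", 443),
    ("212.20.18.87", 80), ("212.20.18.84", 80),
    ("2.16.155.24", 80),
}
IOC_HOSTS = {
    "static.125.148.243.136.clients.your-server.de",
    "b-internet.212.20.18.90.nsk.rt.ru", "b-internet.212.20.18.86.nsk.rt.ru",
    "b-internet.212.20.18.89.nsk.rt.ru", "b-internet.212.20.18.87.nsk.rt.ru",
    "b-internet.212.20.18.84.nsk.rt.ru",
    "a2-16-155-24.deploy.akamaitechnologies.com",
}
# Assumption: the akamaitechnologies.com node is a shared CDN edge, so a hit on it
# alone is weak evidence. Score it low rather than dropping it.
SHARED_CDN_IPS = {"2.16.155.24"}


def smallest_covering_network(ips):
    """Smallest CIDR block that contains every address in ips."""
    nets = [ipaddress.ip_network(ip) for ip in ips]
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net


RT_RU_IPS = [ip for ip, _ in IOC_ENDPOINTS if ip.startswith("212.20.18.")]
# Assumption: the whole block is worth a medium-confidence alert; it is wider
# than the five hosts observed, so tune before using it to block.
RT_RU_BLOCK = smallest_covering_network(RT_RU_IPS)


def classify(line: str):
    """Score one proxy log line of the form 'timestamp src dst port host method'."""
    ts, src, dst, port, host, method = line.split()
    port = int(port)
    base = {"ts": ts, "src": src, "dst": dst, "port": port, "host": host}
    if (dst, port) in IOC_ENDPOINTS or host in IOC_HOSTS:
        conf = "low" if dst in SHARED_CDN_IPS else "high"
        return {**base, "confidence": conf, "why": "exact report IOC"}
    if ipaddress.ip_address(dst) in RT_RU_BLOCK:
        return {**base, "confidence": "medium", "why": f"inside {RT_RU_BLOCK}"}
    return None


def scan(log_text: str):
    """Return the hits, in log order, for every non-empty line."""
    return [hit for hit in (classify(l) for l in log_text.splitlines() if l.strip()) if hit]


# Constructed sample log lines (not from the report), one per outcome.
SAMPLE_LOG = """\
2024-11-23T04:36:51Z 10.0.0.15 136.243.148.125 80 static.125.148.243.136.clients.your-server.de GET
2024-11-23T04:36:52Z 10.0.0.15 212.20.18.86 443 - CONNECT
2024-11-23T04:36:53Z 10.0.0.15 212.20.18.91 80 - GET
2024-11-23T04:36:54Z 10.0.0.22 2.16.155.24 80 a2-16-155-24.deploy.akamaitechnologies.com GET
2024-11-23T04:37:00Z 10.0.0.22 198.51.100.7 443 updates.example.net CONNECT
"""

if __name__ == "__main__":
    print("rt.ru block:", RT_RU_BLOCK)
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['confidence']:<6} {hit['src']} -> {hit['dst']}:{hit['port']} ({hit['why']})")
```

Hosts on the rt.ru range appear on both 80 and 443 in the report, so the CIDR match deliberately ignores the port; the exact-endpoint match keeps it, because a port mismatch on an otherwise identical IP is how a shared host shows up as a false positive.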

Remove SoftobaseUpdater_2.0.exe - Powered by Reason Core Security