» sosintwr.exe
Overview
Analysis
File Details
Downloads (4)

sosintwr.exe

Steganos Online Shield

Steganos Software GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from www.softonic.com and multiple other hosts.

File name:

sosintwr.exe

Publisher:

Steganos Software GmbH (signed and verified)

Product:

Steganos Online Shield

Version:

1.4.14 Rev 11225

MD5:

7ddda71be475f4dd2581d96dc01bcaff

SHA-1:

c51894ecff15ae0461ebe6bedfb074225284ce61

SHA-256:

66102c38551b6aebb522681a6129051bfa062a664a88049a10377fe24bc0147f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/6/2024 5:00:46 AM UTC (today)

File size:

39.1 MB (40,947,936 bytes)

Product version:

1.4.14 Rev 11225

Original file name:

setupwrapper.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Steganos Software GmbH

Authority:

GlobalSign nv-sa

Valid from:

9/10/2014 7:40:01 AM

Valid to:

11/3/2017 9:25:47 AM

Subject:

E=certificates@steganos.com, CN=Steganos Software GmbH, O=Steganos Software GmbH, L=Berlin, S=Berlin, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112127389AB528A3A8EC995621C824069818

File PE Metadata

Compilation timestamp:

2/23/2015 6:40:14 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

786432:+qh99G2l8YXQ3wKSigqn51IIjeF/uyb86FPKNR6Im9gRMA60Z/Rp1dLMQ:xBef551JHGPbeMA6ORp1dLd

Entry address:

0x10BF6

Entry point:

E8, 3F, 8B, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, 90, 86, 42, 00, E8, A0, 44, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, C8, C5, 42, 00, 03, 75, 43, 6A, 04, E8, 29, 8D, 00, 00, 59, 83, 65, FC, 00, 56, E8, 51, 8D, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 72, 8D, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 15, 8C, 00, 00, 59, C3, 56, 6A, 00, FF, 35, F4, C2, 42, 00, FF, 15, 74, 40, 42, 00, 85, C0, 75, 16, E8, 2E, 28, 00... 
[+]

Code size:

139.5 KB (142,848 bytes)

The file sosintwr.exe has been seen being distributed by the following 4 URLs.

http://www.softonic.com/sads/tracker.php?ev=c&co=EC&sid=25c4a7e05f3b6eca66931b93e57a705d&upv=3ae708ab2ab51e54a41cc814ba045464&z=results&sk=0&abp=0&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAC9B15663BFCC32A4B420C96190DC24F29D8DCFC887A6B7D4C37E5565540E7C0D6FD8E66957C38B63218B43F43BD067445E75DE1A0BB82B0C7EEF69A2B9943BB2EB1BD8362687AC95D22BF5E6AC709D789F362CA2B25E0322854E3682CA2276BB09CA6F779A523FDCDF9BB701E580154AA01ABC8BAAA341107BAEE0511BC8F6223943ED2859E5089522F97151C46EA33A79B4D4393CC1023D53AEC41A41C199D4&h=A788643254FFD41D683D3C791A78C15A57F37BB010FD3AE551B1F09BBAD5DF77&directdownload=1&f=69687091&d=http://www.segurisoft.es/software/.../sosintwr.exe

http://www.softonic.com/sads/tracker.php?ev=c&co=PE&sid=6148af14bc76513c07ac036618b09dd7&upv=d84d17a4a0009495e9682f19bd1a549b&z=results&sk=0&abp=1&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAC9B15663BFCC32A4B420C96190DC24F2501BE31379982EC6F31D9FACC0B5D980C385DAA670FA791BD51E9F01DD04F143B8E6F78B261746D7A89E194256E98E24647D790000517786BE74F6A217AA3ED8A1123FECA3BD3F5E6F34C954D1370E77FA6463500D60059118ACDEBDC094564A6361F7334C2D5CCC8857F35BB26E8272A1664D56D3FB9432551789B66E270CC6290008C66739E7F6F82EC37EC7F5F2CB&h=0C3005C916027FD2314704F3936C78329708DD1966D3744EB28584C99920EE67&directdownload=1&f=69687091&d=http://www.segurisoft.es/software/.../sosintwr.exe

http://www.softonic.com/sads/tracker.php?ev=c&co=EC&sid=cd9747884832a90f6e19da4b016d3df8&upv=594a6bb3c83fdfd342bca75be140ee64&z=results&sk=0&abp=0&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAC9B15663BFCC32A4B420C96190DC24F2501BE31379982EC6F31D9FACC0B5D980C385DAA670FA791BD51E9F01DD04F1436C3FE0421B9E44965562C05B508C2337292003194329953F4CAA5E816E66C058C2430A82537BC0FE0B314B0574D7C2DF0FA8DC9B6AE754385212B5E30350C7C4966C64E7A16DB75845DEA54F087808B949AA5C862DC7ED106114B84DF9FA4A174C8A8ABFFC9856CA133C0400CFC99002&h=D6005FD6097A270340EEC98C4218B1BE682D610C43C1EC63D126AE9CA6EA088F&directdownload=1&f=69687091&d=http://www.segurisoft.es/software/.../sosintwr.exe

http://www.segurisoft.es/software/.../sosintwr.exe

Scan sosintwr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.