spdc32.exe

The executable spdc32.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from tezco.xyz.
MD5:
d9112133fceee6ce2d44dd0f1894d914

SHA-1:
93b9f9bbb7776928cde863af88a116a1fbeda3c9

SHA-256:
df1d71fbbcf705b4bb955e287bf9a7b6b91a9f8418ab3133fd0715af42b3867b

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/25/2024 5:11:10 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
160216-0

ESET NOD32
multiple threats
8.0.319.0

File size:
154.9 KB (158,644 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\windows\temp\spdc32.exe

File PE Metadata
Compilation timestamp:
12/9/2014 1:03:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:eAsj8MBX8s0oXJT45/H9tRNE87PLAK+FP/S6kzewQg2UHVfR6LK8BOUrvk:eAsBZlwHPRNxjAKdz3Qz2cLBB9rvk

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 37, 42, 00, E8, C0, 2D, 00, 00, A3, 04, 37, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 00, 2F, 42, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 58, 2A...
 
[+]

Entropy:
7.7329

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file spdc32.exe has been seen being distributed by the following URL.

Remove spdc32.exe - Powered by Reason Core Security