sprz.exe

Sapodilla Ltd

The application sprz.exe by Sapodilla has been detected as adware by 12 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from cds.t4x4w9a7.hwcdn.net and multiple other hosts.

Publisher: shopperz (signed by Sapodilla Ltd)
MD5: 9cb8106493f8736596d5e0fabd205fbc
SHA-1: 2f94d6dd6d2a0c47b756d59b466d64ced25d845a
SHA-256: c75131769e151870e1cb6367059f98480bed4936099e1f0ade83f528a7186a66
Scanner detections: 12 / 68
Status: Adware
Analysis date: 12/28/2024 12:57:22 AM UTC

Scan engine             Detection                       Engine version
Agnitum Outpost         PUA.Toolbar.Perion              7.1.1
Dr.Web                  infected with Trojan.BPlug.955  9.0.1.05190
ESET NOD32              Detection.Undefined             7.0.302.0
Fortinet FortiGate      Riskware/Perion                 3/20/2015
IKARUS anti.virus       PUA.Toolbar.BitCocktail         t3scan.1.8.6.0
Malwarebytes            PUP.Optional.Shopperz.A         v2015.03.20.06
McAfee                  Artemis!9CB8106493F8            5600.6820
Qihoo 360 Security      HEUR/QVM06.1.Malware.Gen        1.0.0.1015
Reason Heuristics       PUP.Installer.Bitcocktail       15.3.20.18
Sophos                  Generic PUA CP                  4.98
Trend Micro House Call  Suspicious_GEN.F47V0319         7.2.79
VIPRE Antivirus         Threat.4758935                  38552

File size: 2.4 MB (2,527,976 bytes)
Product version: 2.0.0.457
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\sprz.exe

Digital Signature
Signed by:

Authority: GlobalSign nv-sa
Valid from: 1/28/2015 8:37:16 AM
Valid to: 1/29/2016 8:37:16 AM
Subject: CN=Sapodilla Ltd, O=Sapodilla Ltd, L=Hod Hasharon, C=IL
Issuer: CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE
Serial number: 1121449121483F5C10A1D21935F061A75AD5

File PE Metadata
Compilation timestamp: 1/30/2013 12:21:56 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 49152:lU5Y98blRBM+u2OGy9sYsgWGxwz5Ssg0v3WTQtj/MM3/Lasav9EooiOQPLb:W5Y9673ALHWGxwDgmGT2jUMjas6+bi5b
Entry address: 0x113BC
Entry point: 55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
Developed / compiled with: Microsoft Visual C++
Code size: 63.5 KB (65,024 bytes)

The file sprz.exe has been seen being distributed by the following 2 URLs.

http://cds.t4x4w9a7.hwcdn.net/.../sprz.exe
