home

stanzasetup.exe

This is a self-extracting archive and installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
MD5:
d94dc092d192cb93ac4475bdd9219b1f

SHA-1:
33fad57d291644242bea266d8aad724902455aed

SHA-256:
782cc82bebba0b53a94453b6c75601a4d8e8d518e937f5a0f0d457a74b075593

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/2/2024 11:30:08 AM UTC  (today)

Scan engine
Detection
Engine version

NANO AntiVirus
Trojan.Win32.Small.lwhc
0.28.0.57029

ViRobot
Backdoor.Win32.Small.57856
2011.4.7.4223

File size:
52.3 MB (54,788,591 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\stanzasetup.exe

File PE Metadata
Compilation timestamp:
6/15/2007 10:52:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
1572864:ONoTBNWxUJpIsl6Ng+ZsAY1sKrvwIQqhHHqPTbl:YoTjIsMtZ0JrvwIQuHmTR

Entry address:
0x3683

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, C7, 85, 7C, FE, FF, FF, 00, 00, 00, 00, C7, 85, 78, FE, FF, FF, 00, 00, 00, 00, E8, 68, 4C, 00, 00, 6A, 00, E8, C1, 4C, 00, 00, A3, 20, F9, 42, 00, 8D, 85, 94, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, D0, A2, 40, 00, E8, 72, 4B, 00, 00, BF, D1, A2, 40, 00, B3, 20, 68, 14, A3, 40, 00, 68, E0, F9, 42, 00, E8, 83, 26, 00, 00, E8, F7, 45, 00, 00, 50, 68, 00, 80, 43, 00, E8, 73, 26, 00, 00, 6A, 00, E8, F5, 43, 00, 00, BA, 00, 80, 43, 00, A3, D0, F9...
 
[+]

Entropy:
7.9998  (probably packed)

Code size:
29 KB (29,696 bytes)

The file stanzasetup.exe has been seen being distributed by the following 14 URLs.

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_es&type=PROGRAM&Expires=1477466048&Signature=RDeJwgJgB1YH4EGoXWSgdmPQkstqKiVpc-f6226lpYGyKy0ZoJWHhyRrm71Z8Ycd42vw9JihOd0OIHN2K71FN2pv2x~dZwYRITjSpuKkDH01onWgcp2PrbnA88t3tW7G-sk1uEUvrnEB6rLeC~egiKb67Dg9tFZEC1ZVGb0YHFk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://down01.waxoo.com/32279bbd6b96478c00af5754b98641ca.exe/stanza-desktop?id_file=6049&expire=1419867538/600/signature=959519b9fb8c9f406528e323a372c29a/.../stanza-desktop

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_en&type=PROGRAM&Expires=1480314916&Signature=c-6PJ-8Dv-7hD82Z5c-X9tqbKT3BgQFNv5M5L6fam0zX1P985Gw9sAuUgtnzM71TGRwIkZ-Lo15TpIvOecRLnS8oALSdLr7qG9NuUbTOGi4~yP1N7NO8yOxK5svwBq6qmVAtQPBJ~vIFMVFZyi3CvAKJMxhvbmTGmPqZBVvDw7s_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://w1.mien-phi.com/Data/Soft/2011/02/.../StanzaSetup.exe

http://c236.y8top.net/2107tmp/cf/soft/2013/8/ba/.../lexcycle-stanza_100_beta18.exe

http://f51.softwaretop.net/2107tmp/cf/soft/2013/8/ba/.../lexcycle-stanza_100_beta18.exe

http://w2.mien-phi.com/Data/Soft/2011/02/.../StanzaSetup.exe

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_es&type=PROGRAM&Expires=1463412898&Signature=hZQeCVefM9p1Le8zu0Tg5wO96eT3FUXnorGubyEa2zcvwfB1X-Z4xMsqcMNJasZ-kkhZs9OduJWpluTIGZeRvkKJXhqtcOYGiCX3cEKQUac03frB-9Q7r2YD5kw-vi2GooJqwDFTDtkztHbfzTig3KL5wxw27S6YMXDV~~I5fvo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_es&type=PROGRAM&Expires=1438347263&Signature=IMkkiBb17Kzxc0tIV2YF0rlTfjOnXhWUdiE9QgdaSAZGv1YOcwrYYfnhDPvonJfRmryMPoq~Jzvj6YJB~klXWu2ZkI5Di96N4w4DygaiCkdyzErLj7tEbCN~vPqWbd-FcFAars94RIDmsuqIBNX4FgBotWI4lb~f~bka3LOh6OI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_es&type=PROGRAM&Expires=1455259550&Signature=gvlIZNPFeIy1WnO8mx1-cyyDDIfwwZVuILB5SWjCHw6Lfkzne4wnNLgwe8t4UFHGPfYd5LvyLFvvcbrxn70g31MIxAKVZnTznZbdaX83rAzwwpPO7BloAUgk-EnKR5UJ9Il9dRcAsEY7Qc4Q83N936dwvY-Dfad9BjHKfNrEU2E_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_es&type=PROGRAM&Expires=1453428488&Signature=LfZUiYT29qJAE9HUOiQTpDv1UgSJZhlwzB0bDOehGMDZYSqHp7ceimuAJYVZ6wS4FLr5Cnu0H53hwEYGFKtVZFSo3tp1DQeG0wUAbRU2FCyFDv6uPykspfVGlSZl0VDbJh7Bzfw2lBy-HI0l~ERWIddTZR-keN3LZIW8q98vegA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://gsf-cf.softonic.com/33f/ad5/.../file?SD_used=0&channel=WEB&fdh=no&id_file=82044&instance=softonic_es&type=PROGRAM&Expires=1454096082&Signature=EnyZDHnLDUDZfgceukmFuK1Mch795DxFoCm-4qOUhGuUt4YQ~F4g3vQ2LOYvzUbUkheotFJPyGZroX3D9hh~~g~PQ9gBrRxhpYLGtJB-k4bbtq7VwbEsibphFJx87u62zXbxrq~Lx4jTJfo3bkmTdM1evKVNhfq-XsLmhPRxG6Q_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=StanzaSetup.exe

http://stanza-desktop.fr.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOSshH/AKyha564786MBd5K cBEVp8j1uAFiQPpFfEqN1up/YIRM9m8ypIXkKHQicmOw0iO9g/lmUB67wGidX h9Cge0Nj1bXnck1hO7K P 0MNY3uMzmrQ/LOITAI vB1z4x5eI7lnAl1ovW16vp0wd6FlEwY47BIKLAEtNKdyYEYc7G4Wu0DwpPfMmZ7VLZecsdi5jgL422WBo1S8AhArt0U13wfoz5nYBznbRF6j61I2lvpZkjmJ0a9kQzOUp/SpPsAX9ZTQ5CWPCEUUd6/DpyAjPgTnIgGHrg8nuEjdPsU/dEhN/.../m8o1XD4QupHg0tz4VgbGEiacrtIhukI

http://f35.softwaretop.net/2107tmp/cf/soft/2013/8/ba/.../lexcycle-stanza_100_beta18.exe

Scan stanzasetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.