home

stuffitexpander_setup.exe

The application stuffitexpander_setup.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from sem.download.cnet.com.
MD5:
10a187e04681f4af00c80920f7e36a32

SHA-1:
952fd0dcf98a16b4c3f5e7eb5475a0dc03b9a757

SHA-256:
3ebd71b304013be532e0fd0b34719c61dc2f758290eb12dcafd23bf63bbc2b6e

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 1:45:15 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.101.154

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.1593

Bitdefender
Gen:Variant.Application.Installcore.14
1.0.20.1230

Comodo Security
UnclassifiedMalware
16909

Dr.Web
Adware.InstallCore.20
9.0.1.0246

Emsisoft Anti-Malware
Gen:Variant.Application.Installcore.14
8.15.09.03.10

ESET NOD32
Win32/InstallCore (variant)
9.8781

Fortinet FortiGate
Riskware/InstallCore
9/3/2015

F-Prot
W32/InstallCore.B.gen
v6.4.7.1.166

G Data
Gen:Variant.Application.Installcore.14
15.9.22

K7 AntiVirus
Unwanted-Program
13.172.9530

McAfee
Artemis!10A187E04681
5600.6654

MicroWorld eScan
Gen:Variant.Application.Installcore.14
16.0.0.738

NANO AntiVirus
Trojan.Win32.InstallCore.pbfzm
0.26.0.54404

Vba32 AntiVirus
BScope.Malware-Cryptor.Sinba.C
3.12.24.0

File size:
525 KB (537,600 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:FxAbUTohjdkuXsjAihheumvHiNjYOl/jfQNn6eqaHNSIXZNpEZFgFdF6CN0aviTo:XA937ihhiqlCLqaomMZ6FdF6havirtu

Entry address:
0x108590

Entry point:
60, BE, 00, F0, 48, 00, 8D, BE, 00, 20, F7, FF, C7, 87, 10, 57, 0C, 00, 6F, 6F, 6C, 5A, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
488 KB (499,712 bytes)

The file stuffitexpander_setup.exe has been seen being distributed by the following URL.

http://sem.download.cnet.com/.../?DTMN=10900385&tID=3

Remove stuffitexpander_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.