» synfigstudio-1.0-32bit.exe
Overview
Analysis
File Details
Downloads (16)

synfigstudio-1.0-32bit.exe

The executable synfigstudio-1.0-32bit.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

File name:

MD5:

d01d7b4f55f0572365e9260245e783b6

SHA-1:

1a2f02a56e063369edf409a51763e5117dbbccf7

SHA-256:

07cce30d4b7670f2173191dccbf4e687afd16163116f7a40998d4d0827b25fb6

Scanner detections:

2 / 68

Status:

Malware

Explanation:

This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

11/27/2024 2:44:14 AM UTC (today)

Scan engine

Detection

Engine version

Norman

Cridex.X

11.20150512

Reason Heuristics

Threat.Win.Reputation.IMP

16.12.4.3

File size:

85.8 MB (89,959,638 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\downloads\programs\synfigstudio-1.0-32bit.exe

File PE Metadata

Compilation timestamp:

8/30/2021 12:15:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.24

CTPH (ssdeep):

1572864:8xdBBgEdZW/XexGaZAvDNf0O09LZumUEzjgIs2jnASBXyriPL:8xdBaEkXeIaoCO09LjzZnACCmL

Entry address:

0x416D

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 43, 00, 56, A3, 70, 5A, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 83, 3C, 00, 00, A3, 40, 5B, 43, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7... 
[+]

Entropy:

7.9985 (probably packed)

Code size:

34 KB (34,816 bytes)

The file synfigstudio-1.0-32bit.exe has been seen being distributed by the following 16 URLs.

http://dw.uptodown.com/dwn/sWlauvskIigTP-_ZOvpaOKTTwYCu8bAcnN46McCfbsD4CbA3nU-Q0i-tQXhMqkoC5WCLD0RGoc3hjJWEV9glT4qWhqX6X1F-Kn2A3VIAlv5QYcQq15EOtoh0HyiOHu__/CZN5hloKMCHwGU2UO-hcdSUcrtRCtRkxSOSNxQFtLw_rH2xoszHWz4RMcaV25kzpF8jVNAPiSi0-8x53VD1hfzP5K5li9Akbprz2YHGB6jQEcbgT6r0V1RkC1qAYp6k8/A7HbGrEwprX3XmvK8b1eYHpZbu58l1aDbQMrES6lbxGQ9gR3G-2WvUXpL8EBefeasThEb_UxNKRGxvSdwTHIj3mJ0VztYHWHgDBBpQQh1JeCFAP3kSDeb5R6rIL5wv2m/.../

http://dw.uptodown.com/dwn/aTLuteCvLzLuCgzAJhAMS6CSuQJgqTBqFjoaz9VYnT8Wi_TGzPW-IylWE3pMHsjOolmSVmLN174fqheEe8WuyJPU33hYhyMyIg0tOvRUCIDboatTT58GV1KSxFgRb5_h/kMyZzPliQmEOPb1cOFxDbTaYtRKdS5iHoKq7ItQDLK2ViPlEOVBqkZ3FX1Fh1_CP0diI5sUzB2xFMhh9AIZWj6sY_Li6E9vu4CZfdnec40-VBypNIdhJuIGEmY2pA7Uo/rO8ZYyFVmETDT2KIsUONcQil4cKa5C9GgCUGkp8CjOCS17cqaeDG9wJKfk7b_rxHLF4ZvSJOEj5sIYh80LTp1m3rysSG70mw4jfz5c9fqP38eMJi6V9ynwP_S0pHDrBT/.../

http://dw.uptodown.com/dwn/kdhzWnf-_tt4RMqLaLt_khQZpvLl3h_iMss0tIFDF0BLBFL4WzoYwVwFuqXs7idEo51VpiQpVJmr-HT1olnfFBFAFpr_hpkLE46UD7NdHyeWJYlwIFlMceviW4n36tNr/BG_8obya_jBlTHp09tRLjQEWUL_9zIJFoaA_9LyGyQnFWd7J-PBp4gFlRBmdWL20qfqBE63nVZ5riI2dOoEuxbYcSioutIb7m3srl-hUFSo23F3_HMO4ivEP4Ijz-E0U/Qe-sWUZ_LDXd0isVMloDgFKkYfEerb6V4Ouxpnv61nzwYVyL9kS9TahV-qH188Jbv6cs34GH6KmIOgvpP-FqLuley4JY__wzayN_-1gTceueYFnzjlraVnB4mDrHthtT/.../

http://download.fosshub.com/Protected/expiretime=1432233658;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/d02df09154682243fc88a589cf92eedbcd828d9fb9ee5710ad6bd69b83780ee1/.../synfigstudio-1.0-32bit.exe

http://dw.uptodown.com/dwn/K0BHKUVKLkIz5KW3XBaUc4pkB_EnyeoCP4BZHsn9IG-Ad-IYVvnuXHiPciGZIv9Rr83yXlCU4823f-hBu4Y78tGijf1NNG9frPPY8f9D0KjQ4wlGvrlo6FFpg08a71IH/EpEgRcA9R4uAibNeQAPw3W5Fxka_bF570xM1ZgYwwkooWAfNJaOdAczmOzuRd3xNZVBQIjLwe_0ILWNVrbtJa36CDt_rl3slt4LgfRu2TZg_snFDhP9rnQ5enWESjvO7/8pn6o6i2113GmgzPw2rdIJMXABZkU4le1u043IAtXMkbqV9nzwwQ0Ko9vs1Qs0_us_5JfI6-R7dMPS3boxO5_0u3U34N0rT-LjUpHvAhtVeQ_I9ay80cshlraHRXtcGx/.../

http://dw.uptodown.com/dwn/VJdF-xcHOBCGK1-Jtj3JPgJid6Nx7nEi4GEnxu5VMj1VTXcdFx3V66JbDDAK3XVtxKhQZjjzV9ehvgv_yo3jVcG_4CmkZQiPe97N9JKs8hnNCYpDb9ep-NTg8TTAbArW/kFTuXukqWEnEtqleDqfr1mUp29o546hWJTNZS51n6MR6KJZBjUOyii8H3dLyJcTQxBjzh9G48cWNE0o9166Qi07V7HIPuTxcVmDlRiLB9bXLa0juG8JjGnz1h-zs8rZx/.../

http://download.fosshub.com/Protected/expiretime=1436316868;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/00b51be8ecd8cb4acadae0316b292f9dcd444e8ab7445d16e0861f3e01aceb9f/.../synfigstudio-1.0-32bit.exe

http://download.fosshub.com/Protected/expiretime=1432259145;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/169b33d954d20c43446f2aaff3b52334fa90c1153dc3795ca02372dbf66fb179/.../synfigstudio-1.0-32bit.exe

http://vsofte-file.ru/synfigstudio-1.0-32bit.exe

http://download.fosshub.com/Protected/expiretime=1430179257;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/ee47ab5aaf751e1b30cff4ef62f0a4ce0c569f811737e06d35be5453f86336bc/.../synfigstudio-1.0-32bit.exe

http://download.fosshub.com/Protected/expiretime=1430228102;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/a626b6dab94c5b6058541cd658fb8a18f31caa824509875b46373a7c7c9177de/.../synfigstudio-1.0-32bit.exe

http://filehippo.com/download/file/.../

http://download.fosshub.com/Protected/expiretime=1430446624;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/e7954147f1b56dafe6c1375c5a36b3d3e4c78f2082bf3dadf72fb997fdc68cf8/.../synfigstudio-1.0-32bit.exe

http://downloads.sourceforge.net/project/synfig/releases/1.0/.../synfigstudio-1.0-32bit.exe

http://download.fosshub.com/Protected/expiretime=1433850814;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/a377a88a6d0b921195d41618f1d2d8940d8b10988464246aa4e0ca021062a739/.../synfigstudio-1.0-32bit.exe

http://download.fosshub.com/Protected/expiretime=1433129201;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9TeW5maWcuaHRtbA==/05853523c5b14a8c42a986aee69ffc29b249c7354ff498254f612c3a5273f234/.../synfigstudio-1.0-32bit.exe

Remove synfigstudio-1.0-32bit.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.