synfigstudio-1.0-32bit.exe

The executable synfigstudio-1.0-32bit.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application built with the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been observed being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
d01d7b4f55f0572365e9260245e783b6

SHA-1:
1a2f02a56e063369edf409a51763e5117dbbccf7

SHA-256:
07cce30d4b7670f2173191dccbf4e687afd16163116f7a40998d4d0827b25fb6

Scanner detections:
2 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/28/2024 10:59:48 AM UTC

Scan engine / Detection / Engine version:
Norman / Cridex.X / 11.20150512
Reason Heuristics / Threat.Win.Reputation.IMP / 16.12.4.3

File size:
85.8 MB (89,959,638 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\programs\synfigstudio-1.0-32bit.exe

File PE Metadata
Compilation timestamp:
8/30/2021 12:15:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
1572864:8xdBBgEdZW/XexGaZAvDNf0O09LZumUEzjgIs2jnASBXyriPL:8xdBaEkXeIaoCO09LjzZnACCmL

Entry address:
0x416D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 43, 00, 56, A3, 70, 5A, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 83, 3C, 00, 00, A3, 40, 5B, 43, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...

Entropy:
7.9985 (probably packed)

Code size:
34 KB (34,816 bytes)

The file synfigstudio-1.0-32bit.exe has been observed being distributed from the following 16 URLs.

