thief1.25_installer.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
MD5:
eea4d308ac24a4d26c8f92d0131381f3

SHA-1:
65a267a13a0dfdbe8d4e4b2f167f15ace448f6d3

SHA-256:
72e39abee4ee111d93811eff6971bc41ac5f793062975231037a7e1c39ec4906

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/24/2024 3:34:55 PM UTC  (today)

File size:
3.8 MB (4,024,223 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\thief1.25_installer.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:HV1BkcFV6/mh365ab5Jp+1Uzg2LWj6n/SwS+82yjtHH60j:HVheaWAJM4BS4/SwD8ZHrj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file thief1.25_installer.exe has been seen being distributed by the following 13 URLs.

http://gsf-cf.softonic.com/65a/267/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69669862&instance=softonic_br&type=PROGRAM&Expires=1483880925&Signature=Y~rddiMQk48x2ZAqFoH7tanrd4yxYiL6fEHe3-9HNjOlNyw05ngkQnOy0BqIfaI1~7oP7OIKOQv29fFgAPRERpRbH9LkG4DakDhPeBdzJEEG37dZzEAojJlDg9ysx5drmrOyymsdiMV0L~o7GCF1JNEay2E~uuEKHg2mAntGvhc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Thief1-25_Installer.exe

https://thief-chess-client.softonic.pl/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOpGwrLp/IeWX2HxpdQXkclSyo66DjSuRKzMP3LrNVCXLPq6irDHAHj4 XB9xxeg 2AS8mrd3q6jSuK/ZNtswieCnTfBIzYgH6Sftim3B6JVZlmI3xXWVFkkgUqH0CQVRmn4BSW6cxHvDepoHqjpeEG23CoBMAsRe4lBHp9om/j0qQaPinBJMvHjQCHNyv0saImTEIod AsNvdAtfUoHrcUC59BlFDh5CmAqHW5NIMDRDfaI8ZudOvPgIkdO86wzZw4m06ONrpOqe4 PM9GyXOnWWwQRQiV6wcpYV6fqRHu/wb7CKSG0uApsAf 8HkqKsjziSAF54qCaGmazIc/72PpWmQe38oe5PJvTaEEZXOk d02j2MBJ4wesHEGLU wFZD5oleLIZIZtRS8abauxu9Q HOV wvfLU sMONFMslL5Rt/5Th9dQ peyB3yQh0NHYSfHanjS FX3e78q3ZwwboqjJwHvJ4AWwWkTYCX 7To5QWMPyljr6LHhjrC5JuOXy70TelUbPfkp6Qa649/nz9eLF qr6gLHvcSmSTJFOPZNr4j4v4p7/.../AsE2heIJUc=

http://thief-chess-client.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOpGwrLp/IeWX2HxpdQXkclSyo66DjSuRKzMP3LrNVCXLPq6irDHAHj4 XB9xxeg 2AS8mrd3q6jSuK/ZNtswieCnTfBIzYgH6Sftim3B6JVZlmI3xXWVFkkgUqH0CQVRmn4BSW6cxHvDepoHqjpeEG23CoBMAsRe4lBHp9om/j0qQaPinBJMvHjQCHNyv0saImTEIod AsNvdAtfUoHrcUbYMCV2Nzrmwoj36soLR78HtEvTyiCx2948U0AhHVB8 BhfrkutMXnGZUmqVDOXjETzxn8AZ1UtZ0vfG2751Bmr 21X8HPc89MmCObWvtR68Ul9FT89IAfjk7uJA8Idia/3kPqmfB/taT10RVKXT En 4npEhkYqLIQ7mdIYvQ8PBHXUkLZdZJ9yRBwULCAEfI6pk6iADVV3cjjFaYo8f3 EqrN6DmE6NS2QnI4xNA8h5phVVs7OM80zwnZvb2jCscTZx4Z5YlXidvp ZcKScw fUvS24emp4Jpa7ZnLqc8bx ymCvb6ga a5wp CbRqE6iudKJAStsBrb19LUItIjNr4j4v4p7/.../AsE2heIJUc=

http://gsf-cf.softonic.com/65a/267/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69669862&instance=softonic_en&type=PROGRAM&Expires=1445383703&Signature=K5AWy7mO7UletGYrsBUSyTQSnAfc62W7xF2BONw86fygeiifxNUPNjWOfOg9aUr6UbW9r-QbDDime5Ce7NpJt71vU9HQdgueYZiY8jCYy0gB9ACauO4obHDhL44zigK~si9Doy1uuvHBVfsxhCTBUHulRPmGimvD0z-e7oNePQY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Thief1-25_Installer.exe

http://i_mp3-es_thief-2-5.firedlopbura.com/crawled_soft/2/3/.../231430-673340-thief.exe

http://i_mp3-es_thief-2-5.fackidremioso.com/crawled_soft/2/3/.../231430-673340-thief.exe

http://thief-chess-client.fr.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOpGwrLp/IeWX2HxpdQXkclSyo66DjSuRKzMP3LrNVCXLPq6irDHAHj4 XB9xxeg 2AS8mrd3q6jSuK/ZNtswieCnTfBIzYgH6Sftim3B6JVZlmI3xXWVFkkgUqH0CQVRmn4BSW6cxHvDepoHqjpeEG23CoBMAsRe4lBHp9om/j0qQaPinBJMvHjQCHNyv0saImTEIod AsNvdAtfUoHrcUyREMusCc8o58a1eaprPniP9ZpdcOel9jRBfUq9bhGQW3hocRiVAEnLQ4bjOvUdzH6qj60g/h4JHz4RMMpFeUAHmPih 6d0inqEWCj 7E7N5FDpia2VeYaLTt9g3kHnm5Nn Wb2HDODkTbIe4lsrUK/8qjyIONvU0ZgeEaWRjQdZeEjoItF3 R51o/mT44YzCc1Bayy2qhWm 477NIp1ZQM pW6Kt2us1n/6ImC1E4V59YXuRd13JeJ47HvnVsNPOW/FLPuPRqTBQcKYVZ UnweDurvms84NmOfHPJ5tVwinLqVE2VWbUPlB UR5RLwlEObJhcl7 Z7v6z/wcfzdXH9r4j4v4p7/.../AsE2heIJUc=

Scan thief1.25_installer.exe - Powered by Reason Core Security