» update.exe
Overview
Analysis
File Details
Downloads (18)

update.exe

InstallProgram

Crystal Launcher

This is a self-extracting archive and installer. The file has been seen being downloaded from www.bytesendclear.com and multiple other hosts.

File name:

update.exe

Publisher:

Crystal Launcher

Product:

InstallProgram

Version:

1.0.0.0

MD5:

c77662a91801eeeed1287cdce7aad2d4

SHA-1:

27be164603469ce5a6fb061e1fc21431b32d4625

SHA-256:

479a3d79cf980c9710de604b247fba5dd72f89183f98d3df633e481ec0254a66

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 11:04:19 AM UTC (today)

File size:

101.5 KB (103,936 bytes)

Product version:

1.0.0.0

Trademarks:

Crystal Launcher

Original file name:

InstallProgram.exe

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\roaming\crystal-launcher\update.exe

File PE Metadata

Compilation timestamp:

4/19/2016 2:13:32 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

80.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:T2/khNuiNPSKv9n2Bpb4K4Q2eeAmhjPp4Cp6USqptpT3TTHfBQfht+UBrn:TV1SKv9n2zb4KafnzzZHH+fi4

Entry address:

0x1A0BA

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

96.5 KB (98,816 bytes)

The file update.exe has been seen being distributed by the following 18 URLs.

http://www.bytesendclear.com/8U0JyI6UngByONyBtBk5CaixgTLncsaUhDQh7rpAtqrfI6FpaOO9T9LIKVtVdc2_hoyawY7wwIYZkOnbCrsgbAJQ9eHWIkfokpXrN0QcSDrG M8dfFbquTT0fXhW0FXdT64rcxOVgyGO2V9XnZ3kJTIj8TtzFKjKMadPs3XkTRXv fc2nZF_mC9ihOHeJQ41tDiR Ae162QBePUTyJ LG60VshrtpKsofoSEJ1I7NUVVSDeRtx1GEujGVSvnz2o8al79t0nfOsb5VTOj2JLMPbZDXQhjE9V1yJiH96iASAAfnQz1cTQxscPev rgLAMr7dJ3sHQaXEw1nC 0Oiya ZTFxQIOpumKYVfDSTezmqv02LiPZTog_6CAGFnSxXP6_8f5vbj1lGueYzD5vdcy UZBCY3eB0nbk7PlrUzJdVVjM0klCVEhe_E0wUASHSa3uLNIPWiVd52TwAaT9m4LhHKEkYxz8Fbgg1FA wYl1t18xBm7HbeDWAX6v4tcczAetmKHWB7MAnb3sSe8_4FkfjLa9ItVTthKeA7z7TKQz9hB2 F_uzZ3gN7GzTlBP0QmWBTQgb8PLfFkskoFy 3eXVdBV5vlFbhYIKvB83bqoDuFHwClxek=-G3UAAGTYtrmAM8wYjwwjwSEHDl_aPMEAKeRgYwzBMRtBJ70xiwzqdjDFHbOgLYty_2ByqNq_Zo3__j0WoyGyL4 V5ju3OnC6Y3GibP OE7seX4EqvmcBTbAd3yF_OQ==

http://adf.ly/O=D=VQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://www.bytesendclear.com/n2dHrD7LR5Mi_puVg6L7t1ubhpiAs6lem_gPe3IWCspenfPlLBUc_0Xht8ms8Q13 ju72aNqnJ7t3hjAA6krV94nsvnwKz2Ko43iA1nHuRolJHA9anC5NJ0W5xYsKoj0u6ETr U6voflZM4oCK8KjxbRAdCQRfQuPj9AOpGoYy5LKvwut6BBy2LE4li3be5Xr4q5WMBGleF3e5e1urE2A_USJArsbSxhaOHEB9pLK090xskg_pT92Ha92ZaU4nezSbKjVv_urwApVx4TqTkMQqzfGSEkE0E9hydJeOfw1tqi0AfuWan8XmSGlzgyAga2mivsTS0BnO6bF3MtAjQlb8sX Tuj_BDNrgoHDLaEoee2uwcNTi0zdpWw71tj jfaXR_TTnf5yTeheonb1CR4eBnUqAX_WDUMJB7EGeulDvXp85dHS1m2vQI1oU0U6qtCw_89rKBBMKMKloICjf58NjsphQ8d9_UA_jV8xeUyOy9TDloJOZwDP8l1RXVIjV8cBx5LHevZeES BA0tbtnz2HfATDpR0Z7_M vmUNBHhZeGuB4j3meT6oR8jIKCdPkpz9HEu6O93v3KbeV2Qd6ZJ0gvae2qTjAdsHf27f LQ4yaB6orjqY=-G3UAAGTYtrmAM8wYjwwjwSEHDl_aPMEAKeRgYwzBMRtBJ70xiwzqdjDFHbOgLYty_2ByqNq_Zo3__j0WoyGyL4 V5ju3OnC6Y3GibP OE7seX4EqvmcBTbAd3yF_OQ==

http://adf.ly/Z=T=FQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://adf.ly/M=W=FQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://www.bytesendclear.com/WAZB_uFFpI13uD6Mm30Cc4HZbwNLNBE m3QxOW0bgk1Qz_8Lws6Nx8HbAfaeXYTmjEmF_9vA_KXHkfEq4mNLlV2bq12M4xH1F4lbQooSk4ieDn7Sfoj e6 jXh50ztyyrtLVb0YFlQnQygsq99FdRQu6KfCCitSuM2NfiVg dTmy_Sc9bZPVJwFM09pnJM6Ct0oJOdnnrM3I74X4Gp5eTYZxGt98Mw0f Gg_weDR5roJaTEpVGWUIJXzpYaDlUZk6cg0W1RZdwcV66WyO5Fn8WCq5bjHMvQ2w0iav1FscwkBjYk zezGqffW4jxRZ__PhFPybVNPW3Ghmg0eNV3zU d5_v03eRfvO5lF OQuabbJpWvG3ZvC7uFRlDLpZLLsLuxIMnh9HgmbSz d0gwDnhSeCdH6xZggMaEmsM8d9qBdXzsWBk3jhIc2114rI1q_ACc7WHyukbA1p3in qJZAqeF2iTg8Miiab890RpH3YimDClk7rdvX5CsP7wx6CUMgj bBJWI6f4UkBLGpvfxf0beMgXB4O_kAhSxs1sCF6sixbDQ_8NeD Vd7 b0MoB1HtC0Vr4JlEAeP_oj9wL9fPPMCq_WoE2empmbb7dkU0um4D w0Rc=-G3UAAGTYtrmAM8wYjwwjwSEHDl_aPMEAKeRgYwzBMRtBJ70xiwzqdjDFHbOgLYty_2ByqNq_Zo3__j0WoyGyL4 V5ju3OnC6Y3GibP OE7seX4EqvmcBTbAd3yF_OQ==

http://adf.ly/Y=W=RQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://www.bytesendclear.com/AN_fXrX1N2FnLt2ksB06b696ywc4FFP2jx7ZErUKvCtOV0TcElLKfa1QRjwT9jZPGyJt6TDiKzKj7Gtgn WDQid0ORpRXOc7ug_rLSdWVET8FYnqGAnt 6jQOsVPTGuZxIPM1odzx L54f4BVycxh Qju9NuobgtNaqPTgMjOAK55mVoOesZFNId4H8D3YnU0gQb1k7z9bKRoeuccrYUq2KP6 kILlOH4Zwlq2CihE5vGXH0vDa5Ddz OwTzy2goBix2c0QaHPZHBT6xWslxs4K0kKFzGPzLkYFOBM24sRK6UjxMnDE3OXs_gjV3UI5Ri6ud2ULo8T0a1Yv4G9LVD47xX3nh_NEqDWXzCCqXnc7KVmyr4YkfoHC1f 5nlTLIXjxLIiw3tO2d45mz7EY5Hv9SlOBMB83sKHmYD7MlSLUaoEBL YZjZ4hPdojphA5O0vCAKCfmqCpx71LJdxb5z_wOEoFJaxOX2EPwHJLQSrpW0KwjZmRnDyMpOp 6V4svaD7JzCVfjy7YD1qIma5C3QJV3sK6UgFzDZBxYgpUfV 4OjOi52047tFvfBlh2kPvjHJti J0TaT41Pe7zt_SgrgfEkt8peCnXUHCeh6Tj 19WUhUudjDbzEz7G8n752o1 gy8ncJ-G3UAAGTYtrmAM8wYjwwjwSEHDl_aPMEAKeRgYwzBMRtBJ70xiwzqdjDFHbOgLYty_2ByqNq_Zo3__j0WoyGyL4 V5ju3OnC6Y3GibP OE7seX4EqvmcBTbAd3yF_OQ==-E

http://adf.ly/M=z=hQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://adf.ly/Y=m=RQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://adf.ly/N=j=dQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://www.bytesendclear.com/W1K1JDG9N8jt7bNthha1ocXA2pi1FKHCuDCOZNbgl_eHITlcq6qS5JeWwDQhaUHUItM4KaJzBSNK 6Ktc9RC9b552nzOaVo94 at2JsWvbNRC_ qMLIeemDI1ZZWpt Zz0L8BoGGSp0BkG0IJKrMkjrXeh61aatUv_AlsuVpyapAOVSRu3ldiyC_AKj4SYP4qwYEsudJm87gUOLyaFbmx9_SDQRz0CK4YD5j5eUBEd2MDBpPiDRfoIi0jl7hGGA0Z6wMcjj3D8N1Cne7pU7Q_RlO_E1FiUNKiJfSH5vhIrYJbbBymo6yToZ2veDhwWF Nc8_gHDxl70drtEcdM4F4KPRGkcm9HIcwzqa3VfTC2YEU92 96Db7QgsMTTbsYiJmcGA2Guy3V hA0YQK694HcIe60nug1wfW31 9EhmZmsT9_SrYBl y6ypjl9W05gcGC15O8TfqmrFB_eCuaXw1bR5aCmDV25WpN8nsREVwNQJW_PfF0fBw4LVcBhjVoqcrqkHOOQoaANA7aQ8qninBLWlFkrRBPdssGWHHC_jSY93vPGAN05xt2HHRbdpJCxt9wF5RCmLUk McPvPw25Z8Qt6uHyDD9wX2v0JRHUNFZ1JhSBIWxZh8ivk9g9aGXu5VHOPFdYH-G3UAAGTYtrmAM8wYjwwjwSEHDl_aPMEAKeRgYwzBMRtBJ70xiwzqdjDFHbOgLYty_2ByqNq_Zo3__j0WoyGyL4 V5ju3OnC6Y3GibP OE7seX4EqvmcBTbAd3yF_OQ==-E

http://adf.ly/N=T=FQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://adf.ly/N=m=RQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://adf.ly/Z=D=NQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://adf.ly/Y=m=JQoZd4HVRmwLOyiV8GvbYs3FJG5dcz35RWhSbtCI1XsZYoXNVmubY12FhGlTcsiF5GwdbzCl9npcbDn9Ny0LYsWx

http://crystal-launcher.pl/install//CrystalLauncher-Installer.exe

http://crystal-launcher.pl/.../download.php

Scan update.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.