update_33.exe

Full Spectrum Interactive

The application update_33.exe by Full Spectrum Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from files4.fastdownload6.com.
Publisher:
Modern New Installer  (signed by Full Spectrum Interactive)

Product:
Modern New Installer

Version:
33.9.8.1085

MD5:
2011f917c8b6b8731ff131f74fb751dc

SHA-1:
3e0f2782cf6ae39a2d000ef82e59eb08c2f15153

SHA-256:
864b2b5e7ce706028c847c0176439a2969fd8f6507dad7a6be832c5c7aeb5aae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/26/2024 5:44:09 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin.FullSpec.Installer (M)
16.6.17.5

File size:
872.1 KB (893,040 bytes)

Product version:
33.9.8.1085

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\update_33.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/7/2015 2:40:44 AM

Valid to:
9/7/2016 1:41:52 AM

Subject:
CN=Full Spectrum Interactive, O=Full Spectrum Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C38AD160BBA36A58

File PE Metadata
Compilation timestamp:
9/30/2014 10:28:36 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:L/drv+48HzF+i8lm5P/MbwpGrKTc/r1gSxHMDbyDPE0FL/mvgRIwFA:LN248Tgi8lmxawmKYpR9nlmY

Entry address:
0x4AB3

Entry point:
E8, C8, 8D, 00, 00, E9, CA, 86, 00, 00, CC, CC, CC, 81, EC, A0, 00, 00, 00, 8B, 0D, 28, 3B, 41, 00, 8B, 15, 60, 3B, 41, 00, A1, B0, 3A, 41, 00, 56, 8B, B4, 24, A8, 00, 00, 00, 57, 89, 4C, 24, 60, 8D, 4C, 24, 58, 89, 54, 24, 68, 8B, 15, C0, 3A, 41, 00, 51, 89, 44, 24, 5C, A1, 70, 3B, 41, 00, 52, 33, FF, 56, C7, 44, 24, 68, 50, B8, 40, 00, C7, 44, 24, 70, 80, BC, 40, 00, C7, 44, 24, 78, 50, B9, 40, 00, 89, 44, 24, 7C, C7, 84, 24, 80, 00, 00, 00, 30, C7, 40, 00, 89, BC, 24, 84, 00, 00, 00, 89, BC, 24, 88, 00...
 
[+]

Entropy:
7.9680  (probably packed)

Code size:
52.5 KB (53,760 bytes)

The file update_33.exe has been seen being distributed by the following URL.

Remove update_33.exe - Powered by Reason Core Security