upfall + teleport - icooper.exe

The application upfall + teleport - icooper.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from fs01n3.sendspace.com and multiple other hosts.
MD5:
240177310c0c18b8fb7710ef8a41a4dd

SHA-1:
728e1e325025bf565c563108e0ae770923eb162d

SHA-256:
33407b9040e23c4bc10d27d7122d02510e18fc6ad12808754857d06320b5f203

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:50:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
Riskware.Trainer.Meta (L)

Engine version:
16.5.6.15

File size:
4 MB (4,201,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\upfall + teleport - icooper.exe

File PE Metadata
Compilation timestamp:
6/28/2013 11:45:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:EoDSBWMka8Xzpr6uUyuKn68VZzvI7LyT2np4yYWl4Nb:UWZ7R67jK6Mw+2nblmb

Entry address:
0x15EB

Entry point:
E8, 1C, 1B, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, AC, 27, 00, 00, 89, 45, 0C, 8B, 46, 0C, 59, A8, 82, 75, 17, E8, 6A, 03, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2F, 01, 00, 00, A8, 40, 74, 0D, E8, 4F, 03, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, 89, 5E, 04, A8, 10, 0F, 84, 87, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, A9, 0C, 01, 00...
 
Code size:
35.5 KB (36,352 bytes)

The file upfall + teleport - icooper.exe has been seen being distributed by the following 22 URLs.

