windows.8.codec.pack.v2.0.2.setup.exe

Cole Williams

The application windows.8.codec.pack.v2.0.2.setup.exe by Cole Williams has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.programosy.pl and multiple other hosts. While running, it connects to the Internet address 14.d7.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Cole Williams (signed and verified)

MD5:
022d2117e45d925c10996f8a930e694a

SHA-1:
04307ed53b6d69531fc0e9c6f666319ee0b2acb4

SHA-256:
1cf10f8ce12abc6a4fe8c19ed287a787a7be5e6ecdf8b6f9d5af89b57d868c87

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:20:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.ColeWilliams.AA

Engine version:
14.9.6.4

File size:
22 MB (23,067,440 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\windows.8.codec.pack.v2.0.2.setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/12/2011 2:00:00 AM

Valid to:
10/12/2014 1:59:59 AM

Subject:
CN=Cole Williams, O=Cole Williams, STREET=156 Hainton Avenue, L=Grimsby, S=South Humberside, PostalCode=DN32 9LQ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
39B7C287C179FBD0F13185D66A9E71AB

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:rPSLqFzXeljWrk9erNdMiXddB3r5wZ5/m+YZw7Y6a15e6lNW9ZEcEF:We1Xelj79ernMiXrBtMAwk6a156kc8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file windows.8.codec.pack.v2.0.2.setup.exe has been seen being distributed by the following 8 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)

Remove windows.8.codec.pack.v2.0.2.setup.exe - Powered by Reason Core Security