xknor0p4.exe

Defraggler

Piriform Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from filehippo.com and multiple other hosts.
Publisher:
Piriform Ltd  (signed and verified)

Product:
Defraggler

Description:
Defraggler Installer

Version:
1.0.0.0

MD5:
ca2c52d0a9f9e213884cffff9109c6d9

SHA-1:
ef0a247e60aa7ba2f364b1a75be2707ac48bc880

SHA-256:
c49553cb735aa2bc76dfa7379d0232aabf718e635021215035b35f4d3b9ff7e5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 5:03:35 PM UTC  (today)

File size:
4.3 MB (4,529,456 bytes)

Copyright:
Copyright © 2006-2016 Piriform Ltd

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\xknor0p4.exe.part

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
8/12/2015 2:00:00 AM

Valid to:
10/11/2018 1:59:59 AM

Subject:
CN=Piriform Ltd, O=Piriform Ltd, L=London, S=London, C=GB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4B48B27C8224FE37B17A6A2ED7A81C9F

File PE Metadata
Compilation timestamp:
12/29/2015 10:34:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:U9wu+wEOftnKviIRE0dXvjrF0QaO+za/qKJ8FLTZH:UGnw9lhHEXLr2IlKFLx

Entry address:
0x3A1C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 5E, 33, ED, 68, 01, 80, 00, 00, 89, 6C, 24, 1C, C7, 44, 24, 14, C8, A1, 40, 00, 89, 6C, 24, 18, FF, 15, 74, 91, 40, 00, FF, 15, B8, 90, 40, 00, 66, 83, F8, 06, 74, 11, 55, E8, 70, 2B, 00, 00, 3B, C5, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 38, A3, 40, 00, E8, 00, 2B, 00, 00, 68, 28, A3, 40, 00, E8, F6, 2A, 00, 00, 68, 14, A3, 40, 00, E8, EC, 2A, 00, 00, 6A, 0D, E8, 40, 2B, 00, 00, 6A, 0B, E8, 39, 2B, 00, 00, A3, F0, 3D, 47, 00, FF, 15, 34, 90, 40, 00, 55, FF...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file xknor0p4.exe has been seen being distributed by the following 50 URLs.

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://soft.mydiv.net/win/dlfilef7e95_295589/.../dfsetup221.exe

http://alpinefile-d.ru/.../dfsetup221.exe

http://fs41.filehippo.com/6162/.../dfsetup221.exe

http://filehippo.com/download/file/.../

http://filehippo.com/es/download/file/.../

http://dl3.vessoft.com/files2/d/defraggler_windows/2.21.993/.../dfsetup221.exe

http://filehippo.com/download/file/.../

http://dw.uptodown.com/dwn/6URYgNe9UDuyj-3AuUkWF6wAWKZoJZD9v_h_6rPkCl6F2M2_l4s7KySC3TP1ol-L71q605AP5bnC1-pk_wOWBsIhp5jhcwJ4PcwXH-oZR1Ydmtju0xNhbXw2iYriuFJx/EVYblubF00MzqLaj7c585LEnTc1hOAtwtCYu-gwFTiZFZMpphKX4fuE1sOulMzIKVS4InX-xid23Xyl0BVnbVpSUhRak8mZEY7PT1KZkyhbYsi6J8QvmASpLJiIJ-ktb/LU_XNzjt5O7uB-6Qk_D08eIruQT2JOh4wtEfOV_kCCq0BfBdgNsQBqBQj_hNc4887o_7D_Dtsz5946j1L-XNprbX2jByn8mfXQEjhgbSY1OHFjW-_1e_tud_Gdf1IVQb/.../

http://filehippo.com/download/file/.../

http://filehippo.com/es/download/file/.../

http://lb.cdn.m6web.fr/d/c/a/032ee1ee311740cff5250d2260f77668/57e2d432/soft/.../defraggler_2-21-993_fr_44314.exe

http://filehippo.com/download/file/.../

http://ftp-stahuj.centrum.cz/dl/b7bd7761d856d0689d05bcde7560a73f/58139bea/stahuj/download/software/secured/d/defraggler/.../dfsetup221.exe

http://lb.cdn.m6web.fr/d/c/a/9c6d14fccea0f50a251e9751c560f108/5862dd2f/soft/.../defraggler_2-21-993_fr_44314.exe

http://lb.cdn.m6web.fr/d/c/a/4c417867f3b6cbfe5fffc7f33adb7afd/5846d099/soft/.../defraggler_2-21-993_fr_44314.exe

http://www.filepuma.com/file/1479369375c10946/defraggler_2.21.993/.../0/

http://filehippo.com/es/download/file/.../

http://filehippo.com/fr/download/file/.../

http://www.filepuma.com/file/1470439487c10946/defraggler_2.21.993/.../0/

http://filehippo.com/fr/download/file/.../

http://filehippo.com/download/file/.../

http://www.filepuma.com/file/1475087259c10946/defraggler_2.21.993/.../0/

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://lb.cdn.m6web.fr/d/c/a/8787af94af4f6450825340fa60bd5e54/581266e9/soft/.../defraggler_2-21-993_fr_44314.exe

http://www.applicationsdeliveryupdate.com/47sV YUD15z_1Vq1IL9zxWXyOdxIEgV IxRuNg8_9kF5K6KuIrGE_kmgvIaqMLg8NOh9cNUMIQIlG_uFT_AXWp6r0aiOEY76 W9Fx1JfUJJjsT5NvlZedcoYSh1DBJLic J7EkYhbGqViNEcjqQ6FftC7QPHHOkwSsvCWvNKWPNqQtSr3r4QVZ7 PCwOp5ILUH6LOOmBKrksoV6b703ykOeYxY7Nsj2ENiSqS607KTcoC9kEaCZGh5bK27PYiTPN PJq9qt9mmLMX5NjECNOrZn5Jxkg3xXGbtUfm9m5k99pgY06ZnYaQIiwOlgvZaasD8Q1flCUP9eU_siHD5qwUnQZskBT9 zmw7fA40nDX3dqJuHknqR12Q 6QMLBe4d8tpR0_aog2f_s9UFXdwwcUg1Rq_x9cSqidQG8iLqYAXHmmUj2i EJIZUfokEvv_GaAFxTmSX2oI5NEHpJVvKkzj 9P0D7psOOtfU6NlOn_0bPhkptS7vNF7SZiobGZ_Mhlc8djro5Mz3sO3VW2giMklJQ2BM Zd14e5ulxYk19kZ7pcnlWVY8ERdenmZ8oxfbGd2UUVbE-G0oAAORtm09TR N0fjjMRkFYUHnARb8UwlJiE2yMnSlR5Po5S4lugc2idxcC7_mPJUgh2nRgEqSMxVqo 7CoDExgzwA=

http://filehippo.com/download/file/.../

Latest 30 of 208 download URLs

Scan xknor0p4.exe - Powered by Reason Core Security