1015649_stp.exe

Axialis Professional Screen Saver Compiler

Axialis Software

This is a self-extracting archive and installer. The file has been seen being downloaded from files.downloadnow.com.
Publisher:
Axialis Software

Product:
Axialis Professional Screen Saver Compiler

Description:
Axialis Professional Screen Saver Installation

Version:
3, 5, 7, 0

MD5:
9e5fd1dd4d24f9e9e07318e5ca5fe501

SHA-1:
0a3aa20bddecdc93dc068e4515c06a538f048dd8

SHA-256:
c2509e812bbd582ab8b13e219e47f889041e067194ff8c3988e6811756524a46

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
5/11/2025 7:49:55 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18102 |

File size:
3.1 MB (3,229,991 bytes)

Product version:
3, 5, 7, 0

Copyright:
Copyright (c) 2002

Original file name:
ScrInstall.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1015649_stp.exe

File PE Metadata
Compilation timestamp:
11/29/2005 12:14:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:2cfnD/xyeBsT1ahO7/Ob6O5fszRSUFfGuPRX6HrZKSX3ZJL2aS+TMY1LB:28JyeBU0bbp50d37RX6LLZ5pgAB

Entry address:
0xDEB7

Entry point:
B8, 14, 1E, 47, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 75, E9, BB, 48, 00, 7B, 0F, 18, DD, 23, 45, 12, 08, DD, BF, 60, 0B, E4, 43, 93, C2, C4, B2, 68, 4C, BC, C0, 37, 14, DD, 92, FC, 0B, A1, 0A, FB, 34, FE, AE, 73, 69, 73, 6B, E5, DD, 2A, B4, A3, B6, D2, B8, C0, A8, E4, 10, E5, 60, 8B, 65, FE, 8F, 1D, 06, 48, F7, B0, CE, 6A, 68, A1, 1C, DC, AB, 00, AE, E6, AD, E1, 78, 89, FB, FC, 6E, DB, 68, E4, 6B, 76, C3, AD, 1E, F3, C7...
Packer / compiler:
PECompact v2

Code size:
156 KB (159,744 bytes)

The file 1015649_stp.exe has been seen being distributed by the following URL.
