» 11301208_stp.exe
Overview
Analysis
File Details
Downloads (150)

11301208_stp.exe

Revealer Keylogger Free Setup

Logixoft

The application 11301208_stp.exe by Logixoft has been detected as adware by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

11301208_stp.exe

Publisher:

Logixoft (signed and verified)

Product:

Revealer Keylogger Free Setup

Version:

2.0.9.0

MD5:

f80b4491f3923efa3607107b439c1beb

SHA-1:

8a84858700b1308432b38d2f875e3caa4d315c70

SHA-256:

95ab8ed52de3463e531a7612973bcba308dfbb0087acd26ed0a20081e2e63f9b

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/19/2024 2:45:34 PM UTC (today)

Scan engine

Detection

Engine version

Malwarebytes

Keylogger.Logixoft

v2013.12.24.07

Reason Heuristics

PUP.Installer.Logixoft.M

14.8.7.21

File size:

1.3 MB (1,411,136 bytes)

Product version:

2.0.9.0

Original file name:

rkfree_setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\11301208_stp.exe

Digital Signature

Signed by:

Logixoft

Authority:

COMODO CA Limited

Valid from:

4/11/2013 1:00:00 AM

Valid to:

4/11/2016 12:59:59 AM

Subject:

CN=Logixoft, O=Logixoft, STREET="14, rue Marie-Rose le Bloch", L=QUIMPER, S=Bretagne, PostalCode=29000, C=FR

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5B18B568174DC2D647EC70ED13CCBB8D

File PE Metadata

Compilation timestamp:

8/7/2013 1:50:55 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:UpLtpcPh8Aj30vXT7f+2h6KQI5ZGlV8lbZXvdC9XR55b9u/4JK6oA:sxpcPVjkvXT7W2h6o4cbhQ9b5bU4JK6P

Entry address:

0x1A8A20

Entry point:

60, BE, 00, 90, 45, 00, 8D, BE, 00, 80, FA, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, C2, 6C, 1A, 00, 57, 83, C3, 04, 53, 68, 1B, FA, 14, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9944 (probably packed)

Code size:

1.3 MB (1,380,352 bytes)

The file 11301208_stp.exe has been seen being distributed by the following 50 URLs.

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1443364945&Signature=Vj8ikP3W-t21EL~9TRWQWUrZjCUOqQTGZjFOmaMOH7tWm0nF7rW649RmY9p6B9QPGz9o9GAO9bvKonG5LSm3P0S8aXDRVF1Yniz8lWq9kkmhMmA45o1~zoUeR50cqwP8VLzdJXQGHaY6F2TyiVm2iAOnecU0H-dy~0sk4EM6Vr8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

https://mega.nz/persistent/.../Sp5E1TxQ

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_en&type=PROGRAM&Expires=1449241795&Signature=f9GgzmFAyjz1YhLfQIrSdiyOkh~jJUunLOp7cUjWqFZo8mOvPAaKzBpOGsfavUEpzr5qkiUGyY4UYNu~ZaK~JjCiCHjuNAIQ6RU6uXXe70Ec0S6jkmVBcwzTQM0avA-TtQ~YE9DyPWHLWorwUNFDcw19NIJp4SN0-hxvL32MSY0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_br&type=PROGRAM&Expires=1427878556&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=QT4AtUBlkgQzV-Ra88JLsVvXyeId47gv645~si-DwPd-sUUH-21QI6OmhcJM4RsPNjYiJTei1K82Tk1c-X968Z9dRxVOst3ZCz75JkTO5RCt11iOCS5FkYWIPJGhmB3krbtZefphBB8clM6WdIb6szyi3BgkUCyfixOXgfHsuxA_&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1430573167&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=H160TtS95rW9SFscd8Wqx6gOuHTofJhPH8A7KURNlyLUNz-hXAJszBiFDW5mWfmqREanzB2u6KJWGD3YDVUOTISMY8H1Ma~uzrOljaBSt2uq9vTiNgmzq2s6fIHSGq0kmyA1pgPfZSJoET-N1sUAMp-tCdTADPgftsAOfkkdGDU_&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_br&type=PROGRAM&Expires=1432808297&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=O3q--QD-DWFjT5rGEEW7qG3z3A0qzWWN118VAV2pnPZPWVXUC5pFgFtQbrqlZkIOrppJpNkEyUzwBNQNKWi2VAASb~hWM2pLqvdAU0IjiVo5r-0lb~UWisYBQO6AYQhianA0n3VUD9kM83p~hN417a8D2GN3GTXu5L6agKavxmw_&filename=rkfree_setup.exe

http://lb.cdn.m6web.fr/d/c/a/9efb7115b5c104499ac3203bc3aab795/580e0095/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://lb.cdn.m6web.fr/d/c/a/cc5b1bdf6c477d99dbd460c54484bc14/581c7558/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://lb.cdn.m6web.fr/d/c/a/f260fd8e4e00e8981daa10b28d1909cf/56d6c5b9/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_br&type=PROGRAM&Expires=1430985237&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=dSea-7wzDwmDEAM0X8yTkHydmZ7ngWIDNV1lMgttA4DG88GypdbBoEf~EL2FImes~vPxNBY-EXZHGwkF7bz8lJR9SbPU7ucw8CcNT1pWJH14eAM~ad-ak0LxNnSzYq24Ozl5A6-bIbRIuJQjc5iiRuvxGt7vcfmUFF~ygz00VZU_&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1443754599&Signature=LLVVVkFND3NGEqhQBPgsKBcO5Gq4WjJ4FpMma9xo58B63A9QTpatUfGtv1sPvkc4~lQ0hlJbYIU41k5vW86Xcy-yWx-ymGApp2gBcZCtAVEsUkQEVkacATFNPVisi~ulnN2FYvJ0wH2BtEYBsGR6HQZzMdbZkqf~kMa92fHbzNQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1440554628&Signature=SQ2-EdB8G-WRybhsznB17alCGUo5Oyxo2poLSt431xcY~CTpqEqaDVOm2KKnNX5F863H~MFeIS4rR7ku07DRj5foul2FmaIcPQccdIn4QTgLdw9r2xcf3b8dzZFOQviAVrR5PpYA18gC~s23e9GZZs2UE82-QJMjHfdKgdmshRI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://lb.cdn.m6web.fr/d/c/a/8d20f87f7f71a34315bbe2fb54f39851/581ba430/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_en&type=PROGRAM&Expires=1446090408&Signature=f-Jayub6vLT~GeB8ybPO2eEx-Ahr2Fqf2lzyDgoe5~1cE8dhoxztMP9m8k~OdHt5mQ-RlXPlP8jEXZm-~snU8WqrMHyaBJBQI58Qc-0UEfTDlICByqqvxvXybywb9iRsdT4ZCH~4ef-Zahk52zOQ5mNwvxGOovcorqtkMp9WlZI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://filehippo.com/download/file/.../

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_br&type=PROGRAM&Expires=1426723911&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=NouXT4evQhDpmVx0A9FPrRW3EI3E9ipe5~AGrajDUARq410pU8ytknzElZwP21J0gh80EOAt7E~eJKb3hNtNUm3XClDu9RY6aJr1pEFjJg2KUqZ9LGo~GNTDtfpPJUpc4Wpjs~iLvP6wZu8UIzN8EBXuXB4N-LP7NSalDKeFBqo_&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1443048204&Signature=hXVjRgBdRho9LgPZKTlLk~pIxnSWUTh87YVIndNfrq6BsKDg0alOoDVt2e417AI1OyKq3wsnH5QmWWwV7wuwSiPPIZFUtyqB-SlwSjLDzypOazYvrG9KLU9H2MPkC7FMNOGktHYQ4y3tX3~LK6gt4H-1R0zlEpGH-9Clue3i2uM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_it&type=PROGRAM&Expires=1440424393&Signature=KgGTZX2J6MU4z4ilm8Dw2FjxRUKs5JgJA9R6z91f6D79G3lU5CSZgImqPwZJgziO54zp-akLCQbqhUh3jLgOMcF-vab9eGczkbiLKM692oBJ230XdmdN1MJbze7lSXVSdTE4dZfmmQN3Gwfwbe2nbhBucnHzC93wcTUywV2vmBw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://lb.cdn.m6web.fr/d/c/a/348ee7806075b60dded1dbb395ce1c1f/563f92c6/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1422926762&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=BNEqpjBfW-RMGYThdsE6ZO~5gxUkKM5YmqnEDzN95zwAAQLs9UNKaLCz4rstYThI4s8Vs~EcsEIJVnY6ykTPIoR4qFm6FopPji2aTsPoRR~ygdXaHmI9FfvOv7Z~a5gQKG7DMv5P57~S8dYs9zZAd18BbBcubwc8FeT1ArGxcLA_&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_en&type=PROGRAM&Expires=1446452390&Signature=fmNdtj9b3jqVPNVDTrIfr2mVfAgaIiPNFK-zSFXAxITXQJld5SQ9pOJh8MIkRu5l1UppKeGEdgGfqc~xLaKqc8JOq2dsFzG9aMWC3Un2Xol9lhamOyS1aPaEQuagShJXWVtxIcyGR6ss-QjBxQSNutwkzrxYXFMD4B8br3ov5To_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://lb.cdn.m6web.fr/d/c/a/39efb55da08fe77955c10fafe0dc5b1e/5788c623/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1430055250&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=c7PUgKrsWRFoLijSJ0VIb76LXr79h8S29F8-SmgoNwtifBqHJQeVfH2eWcGwZuSOMe5MrbG7rIct87CVUvv7agc~YMnvRpyPryYkKO7OxoKdeLI8F7vTokB-sRYcNgVCEewbuHFTdMdHyf2i5-UavcFNVU7A4MaHvQfHqV7DA~Q_&filename=rkfree_setup.exe

http://lb.cdn.m6web.fr/d/c/a/da13b13c2d4c171b1ed852ee92843179/5753e7d0/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1441334992&Signature=Gw0jBQ2X5COYKJKqo1N5j89TT3q-NcAbGyo3AHa24CcwWWzmZTITAOAYyVL1mv6xJ6fA0EbdDFmUFXmcc5So7JgmAnIwFmWoJHcCw9082hbWepHGH1-B~lgeMjfhDjGtZ62BYZ01yDNNgLpZ0p6GJbco9ZrdeXrm0g7z09gy90Q_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1431508422&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=LZ0rbnWiFX3AW2MaaIZiOoq6PzXlSVfcYrDE~1XHMJNG7GMNIRD6H5lww63H5WyTQciLzzqXVP0dHFa-QcBSIlcnUrEusJ9aDecSKSdEPQFIOrGH7KiSoyGcmU-wouaAIwRDCZL3L9zdcZ3r4qOP8iieJK-VzhXr9UGg6XsI6f0_&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_es&type=PROGRAM&Expires=1444890426&Signature=aomPREvmv12JvhZnkp7lfqJ4j2XMaLXH4pao6tFthmetoZTkyiWQzhldvHIhEKMlQ7h29ZwhiPwCg0XAWL5eac~No0qEVL8qzupvikFz1WhCUnbV4T3wTYBQP3KgufcCUYBhJ1qJwhem3r~lV039I1WTWLtBTknxsO~fcehs1RI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://lb.cdn.m6web.fr/d/c/a/03d7d3daebe8bfa0ee437856747c21cd/584002fa/soft/.../revealer-keylogger-free-edition_2-09_fr_183740.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_en&type=PROGRAM&Expires=1443003745&Signature=eM3bgxcwErzTwJm9iAP1niAnuBN3VD0odDRgvU5yVQ2NxMhAsmh-REI5GxOhsu8PMz4CVZZ7hk-omVqk5qS2lNBOex2YGdxUgxnD-Oy-Lk1K7v0CIRQ6DBFRTK2LWrbSXZog1-4pVxHyRo4nklzDIFF6ocskUMYBXXkK8qr1eaY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

http://gsf-cf.softonic.com/8a8/485/.../file?SD_used=0&channel=WEB&fdh=no&id_file=63914&instance=softonic_en&type=PROGRAM&Expires=1446964241&Signature=hIGz5h9e9P~MH6QMmFwbGWT-umYuCF3QRr3jhwA73RlDigKb1gKQzcDy~MDiR0wCVgWyiDItQLenBrZEiomkpMgGkdnZryjBIuTXgvi~rgsidfNyF2zT8c8CP44iWVHCj14FHHDeMxuCzlJdRFa1g-vqvd-e-PIhEYnIKOfjvf0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=rkfree_setup.exe

Latest 30 of 150 download URLs

Remove 11301208_stp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.