» 14280482_stp.exe
Overview
Analysis
File Details
Downloads (12)

14280482_stp.exe

ConTEXT

ConTEXT Project Ltd

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.commentcamarche.net and multiple other hosts.

File name:

14280482_stp.exe

Publisher:

ConTEXT Project Ltd (signed by ConTEXT Project Ltd)

Product:

ConTEXT

Description:

ConTEXT Setup

MD5:

110213df010de44a7e3059aa61169da9

SHA-1:

e3b05306b7e3e775c8eb94fc9b5972ac85e37b33

SHA-256:

b43360fd73565632e2cfdf99e4324255662e401b9f5e17db313e52e646ca440b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 5:49:04 PM UTC (today)

File size:

1.6 MB (1,654,328 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\14280482_stp.exe

Digital Signature

Signed by:

ConTEXT Project Ltd

Authority:

The USERTRUST Network

Valid from:

8/8/2009 1:00:00 AM

Valid to:

8/9/2010 12:59:59 AM

Subject:

CN=ConTEXT Project Ltd, O=ConTEXT Project Ltd, STREET=The Meridian, STREET=4 Copthall House, STREET=Station Square, L=Coventry, S=West Midlands, PostalCode=CV1 2FL, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

24E5A579DBEAD680A18C78C5D6A3023A

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:l26XHqanPim/ew8/SADlxlPCtSAndukkFcv1O:AmHqkpD8/S2fkdXwsA

Entry address:

0x9A58

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36.5 KB (37,376 bytes)

The file 14280482_stp.exe has been seen being distributed by the following 12 URLs.

http://www.commentcamarche.net/download/.../download-34075769-

http://gsf-cf.softonic.com/e3b/053/.../file?SD_used=0&channel=WEB&fdh=no&id_file=15554&instance=softonic_en&type=PROGRAM&Expires=1481529845&Signature=dcgrpjZAwBLjoubpVIeVHQ3GjtODbXWoAEHGONTXIMsAu2soXLVsoULxSJDUcBsNsb0GJ-OrioI8bJtY2Qv-aoco1L8q4V74xRTjcbm6UCxBLeCieEjh9XDr-aLfsX~O0fvoCFDzsT42UA4MMgJAHcyhmAKCL0zCL-omS8ipOjg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ConTEXTv0_986.exe

http://gsf-cf.softonic.com/e3b/053/.../file?SD_used=0&channel=WEB&fdh=no&id_file=15554&instance=softonic_en&type=PROGRAM&Expires=1477480206&Signature=X6E1uG1b4mD~nJeEiKBwRh~rZ-UqmLV7Y6arxt2TjvuOxrIiArF78QtCULb5TZvnmhPt05yyE-FTsBnK7Pp-07UI1osVoyiGZ3srQUR4Jk3o23cnnNuy2Znnqoweynpr7wMISKDoXnRNYFaZA836p8xAuGJ8W0u8zStMdHxw9oY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ConTEXTv0_986.exe

http://context2.software.informer.com/.../

http://gsf-cf.softonic.com/e3b/053/.../file?SD_used=0&channel=WEB&fdh=no&id_file=15554&instance=softonic_en&type=PROGRAM&Expires=1449885275&Signature=FalmOkDWa-3mn1sQdNCUM0Gp-T0I8tpGfctyn4-v6zIR9Sfbklu-9YrsQjpCAGSXbwAl0EdCWPOcC7IYyWBPfSopd43X0lYAuG~bY7yPpODUJAVLX4liG7-XirAqE8xPqLPcBtMyopgkPJjRr88DRqSYKZCx4KuuKnovlBJJZzU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ConTEXTv0_986.exe

http://gsf-cf.softonic.com/e3b/053/.../file?SD_used=0&channel=WEB&fdh=no&id_file=15554&instance=softonic_es&type=PROGRAM&Expires=1479817309&Signature=J2f6GmXEUkA9Zab9jPTMZBd08mwAneKhiZw~QYlqSHKevlbjTDYGw-43D93Y8rYuLPT2wEyhy8V6xp9vI8fbqb81L3PsfWxk-gC-exjgZH1X6ettZggOQ~PKVf2I4BASBFEwCxKQ8hFp2FGGjKQ1-Q3hmHM3KDfGiTE2dgE8GKU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ConTEXTv0_986.exe

http://gsf-cf.softonic.com/e3b/053/.../file?SD_used=0&channel=WEB&fdh=no&id_file=15554&instance=softonic_es&type=PROGRAM&Expires=1474597949&Signature=h6tPWzo2673YeKeV0bFXla4hviN45YZkx0xZ1Ll-rFr7RVpNqxFyyqoSs5iPiHxCt68PTqWdVTvyfXAq02ziDre3fK~vgA6E7F9Z5yASdQM0fPfQHCuy0~BRzoNfFRxzvGNVwXXkdf6H7FrSKMMjyC3Xsk54BZojtlcwAguNe2M_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ConTEXTv0_986.exe

http://gsf-cf.softonic.com/e3b/053/.../file?SD_used=0&channel=WEB&fdh=no&id_file=15554&instance=softonic_es&type=PROGRAM&Expires=1460973463&Signature=HmeQAXDONjxuT28MwZR4qx~ev7vsPp9VZYLGyNMNic96k5lhaCjBREDMjvdHtLBt2QQSUnsG9NWzP8pPgJvAL8jH-vLrOj6fCzhlrg2KKZST9Mr~-1atAkrla7iS0uXapKe1-boCmUiWh~JVexnv5hFnsSZJQvaQPFMNKIkGD9M_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=ConTEXTv0_986.exe

http://www.tucows.com/download/windows/.../ConTEXTv0_986.exe

http://download.dabang.pk:81/Softwares/.../ConTEXTv0_986.exe

http://www.contexteditor.org/ConTEXTv0_986.exe

http://cdn.contextstatic.org/.../ConTEXTv0_986.exe

Scan 14280482_stp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.