home

331165720_stp.exe

Magix AG

The program is a setup application that uses the Wise Installer installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Magix AG  (signed and verified)

Description:
MAGIX Xtreme Photo Designer 6 (US)

Version:
6.0.19.0

MD5:
58223d3af36adb54c8f2be33ad71f9e9

SHA-1:
b89b601cd2f480192bd51c2b432a1559131c2e63

SHA-256:
e0ed0e7e2afa36c87d74166f6563891d076e5c8e9d6ace506bac7a73254e9f03

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/8/2024 7:19:00 PM UTC  (today)

File size:
14.9 MB (15,586,240 bytes)

Product version:
1032, 4455, 0, 0

Copyright:
MAGIX AG

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\331165720_stp.exe

Digital Signature
Signed by:
Magix AG

Authority:
VeriSign, Inc.

Valid from:
11/19/2006 10:00:00 PM

Valid to:
11/20/2007 9:59:59 PM

Subject:
CN=Magix AG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Magix AG, S=Berlin, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
36390F288537306822336A6592C1C0FB

File PE Metadata
Compilation timestamp:
10/25/2001 5:47:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:s7UpvM3ZGsB6eDy8T31veCgdqTizQYTD02p+oG339tb6IVqs:s7U5M3ZGGbTl/GaeTD02p+oG33H6Ics

Entry address:
0x21AF

Entry point:
55, 8B, EC, 81, EC, 2C, 05, 00, 00, 53, 56, 57, 6A, 01, 5E, 6A, 04, 89, 75, E8, FF, 15, 54, 40, 40, 00, FF, 15, 50, 40, 40, 00, 8B, F8, 89, 7D, F4, 8A, 07, 3C, 22, 0F, 85, CC, 00, 00, 00, 8A, 47, 01, 47, 89, 7D, F4, 33, DB, 3A, C3, 74, 0D, 3C, 22, 74, 09, 8A, 47, 01, 47, 89, 7D, F4, EB, EF, 80, 3F, 22, 75, 04, 47, 89, 7D, F4, 80, 3F, 20, 75, 09, 47, 80, 3F, 20, 74, FA, 89, 7D, F4, 53, FF, 15, 6C, 40, 40, 00, 80, 3F, 2F, 89, 45, F8, 75, 64, 8A, 47, 01, 3C, 53, 74, 04, 3C, 73, 75, 06, 89, 35, 58, 53, 40, 00...
 
[+]

Packer / compiler:
Wise Installer Stub

Code size:
8.5 KB (8,704 bytes)

The file 331165720_stp.exe has been seen being distributed by the following 10 URLs.

http://gsf-cf.softonic.com/b89/b60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=94303&instance=softonic_br&type=PROGRAM&Expires=1471395512&Signature=EklYNUCGTyah5f0fHRHnhmeDdvnjUsJCG1usueCpja08uImNdIFDv4bN08OC6junZ8JsUoouhez8v3C-nw7StlSrpkfF~inePV2YzuABzDnPZ5bJtJad7wDB-gLisSrYi4Wia8vl3aMPrIWEH8QvdJeVWlZRMEhDRS2Ra8TR00A_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=free_xtremephotodesigner6_us.exe

http://gsf-cf.softonic.com/b89/b60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=94303&instance=softonic_br&type=PROGRAM&Expires=1450068634&Signature=ThxMPER2LPJaH84YhWUB5GAeQ1v~FfQlRM3QSqOhbZfneTFnR0S8LVE8qRMvhOuRpgXROUiqpStrSZq2K-7PYdRnCR2zj~CQbFFWT8KnlvAMGTVJHi567I~bCoAylMG0h15ZRSkpMREmHKsDbZO7PWZ5uQ6pbkPvbuVWlcHZsWI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=free_xtremephotodesigner6_us.exe

http://www.towerbitscenter.com/YSIpqVML_ahoOTwAadnpL8eD4ziYK1HavWUtNRNjJvDO7HEeCpm73ETIwTUahjIDC8awwvyjQjxcswdFAbhjb2XUkfuYUhg4gGzxCqOJ9vc_JZTxe F1xywG6RxjhP4EF lFAVG4GLhhTiYWQpzSpI6ipByGTCI33FzBt7a2J_ZMHSpKEMtzGr3EQemGm9y GB7dh45TRvmO0oY66W4C4_Z24iaIvg==-Gz0AAEQnh3a8RnjplrXWwSEH7K0uuYQceAyfT56VT5I0xqjocDTsJB7lD793BCB5qVs4rv4B

http://www.ranchsendgift.com/8KOiJFZM0vab8dEMinoEvb1fKGhtV6U7_xrnV0Q25Tm6bcIcMXO3vXvunmtN3Rwta87FlRe6r3cSP5iUt9x6 pq83XJ7eERdLdBKEFGr3Dy_5NzEFJq8v70t3pJJX1CQZW4Ww4KZQtTogJTr_o GHVcRkP2CKhJ2pIlBf mVyFY E81MK86fBAjQkAXVQjBaFn2fKAyBWDdUQu6gkhuwVJlrHPMSBw==-Gz0AAEQnh3a8RnjplrXWwSEH7K0uuYQceAyfT56VT5I0xqjocDTsJB7lD793BCB5qVs4rv4B

http://gsf-cf.softonic.com/b89/b60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=94303&instance=softonic_br&type=PROGRAM&Expires=1449116188&Signature=U-zIJm4Xq7~Ja6HylHt9HF51bN3upjMurlT9jGTQmkCgpsmebi36lf0TTtTqDew2u0Xoa785INFVfX8TcfY7jhaRAF456JcFIzuuLFEGz8CxurJcBn9RmjCdbXcK0Obd2FQ3gD~SbeBj-ktN0xcHK0r0w2gw61ukYoDN4z~ZazE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=free_xtremephotodesigner6_us.exe

http://gsf-cf.softonic.com/b89/b60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=94303&instance=softonic_br&type=PROGRAM&Expires=1467154166&Signature=ej~poZakv82ul8BwFyIXfoIAyT5RVPEZvSFGc0FoWXduKhtHmKEgqNRbcXOww1bRamXhRLfh6mgl04U3Wc6MBlgIHQGBROoo2agHS7osfK2KdbUxnXJ9tWoLpvfQ0f-BJvYtBfs~89-Bs5~5RtlnmWdg09ifsOZyxARYuA5fXXk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=free_xtremephotodesigner6_us.exe

http://gsf-cf.softonic.com/b89/b60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=94303&instance=softonic_br&type=PROGRAM&Expires=1460700452&Signature=V9hceWKno~n7Jfk2faBB~01W1vgtLXlmM9NT12eAU~kY8dYsoMCfhEQeXD1EJCT8x87hA8qFR7ZUHv6tCB-Y8tFfTLj6E4HbBa4bxBgBb5ZlsgGmA9jGoU1Bl7lD1jgEtAxu7fFa9~N5GPgx73SEfijCOJML27Wkrt5f2ZAbNyM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=free_xtremephotodesigner6_us.exe

http://csillagpor.org/.../free_xtremephotodesigner6_us.exe

http://download.magix.net/free_xtremephotodesigner6_us.exe

http://gsf-cf.softonic.com/b89/b60/.../file?SD_used=0&channel=WEB&fdh=no&id_file=94303&instance=softonic_br&type=PROGRAM&Expires=1453734172&Signature=MrmB-1-1-eWME9S7DVTopTBgR87KoP6eUq1smX7bQwmNtqTl-Uvn6v6lCVUh4jUrrIgg0ASQNefpCZnSjUpPAfTu8kYhDYzJQZubOa-DgnjZkFiYoJWqY12fERqHMREZF6-DJVudTeODnmDb3domvnEDMuZS4VcjaCide1OHNiQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=free_xtremephotodesigner6_us.exe

Scan 331165720_stp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.