home

4926786_stp.exe

MyAppsCloud

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 4926786_stp.exe by MyAppsCloud has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
MyAppsCloud  (signed and verified)

MD5:
81629ceae00274cc96b7071a2084d510

SHA-1:
b7bbd2db2944dda95bee7ed1f060fb11c9dc3a3a

SHA-256:
ece35af81149cf163b99964d7e2bd1778c5d40d505c594dfe5febbf4473692ee

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/16/2024 7:31:59 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.DealPly
4.0.3.1472

Clam AntiVirus
Win.Adware.Outbrowse-2
0.98/19185

Dr.Web
Trojan.DownLoader9.28269
9.0.1.0183

ESET NOD32
Win32/DealPly.M potentially unwanted application
8.7.0.302.0

herdProtect (fuzzy)
variant of 2218518_stp.exe (PUP)
2014.9.4.11

Reason Heuristics
PUP.MyAppsCloud.L
14.7.2.4

Vba32 AntiVirus
Downware.InstallCore
3.12.26.3

File size:
1.8 MB (1,915,152 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\4926786_stp.exe

Digital Signature
Signed by:
MyAppsCloud

Authority:
COMODO CA Limited

Valid from:
12/2/2013 1:00:00 AM

Valid to:
12/3/2014 12:59:59 AM

Subject:
CN=MyAppsCloud, O=MyAppsCloud, STREET=Lilienblum 28, L=Tel-Aviv, S=Israel, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13FF5E8A14BB30591BEF9B24331F6608

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:H4iHYBhwbGn4Sjv8tfSS8qng+VIxZU6gZ0hXVfPGZ83QiddAX1WAfWGZV3fre:l0wyn4SjEgS8q1VIxP60hXNOZSwRVZFa

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove 4926786_stp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.