50eb4153_stp.exe

My Program

Tsingsoft Imagination Information Technology Co., Ltd

The software installer may bundle adware as well as other potentially unwanted software using a download manager/installer from ClientConnect or OpenCandy. The application 50eb4153_stp.exe, “My Program Setup” by Tsingsoft Imagination Information Technology Co., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer.
Product:
My Program

Description:
My Program Setup

MD5:
dfdfe36e4cb6a119cb8b058772c90651

SHA-1:
9386920e649af1bccec886d5ce3d91d4c9108496

SHA-256:
c7046c2bff415c739a6f51b0a330c808836532644a8369995f0cc21b66fb4655

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:36:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Bundler.TsingsoftImaginationInformationTechnologyCo.Installer.Meta (L)

Engine version:
16.2.11.15

File size:
667.9 KB (683,896 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\50eb4153_stp.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/20/2011 11:12:19 PM

Valid to:
9/20/2014 11:12:19 PM

Subject:
CN="Tsingsoft Imagination Information Technology Co., Ltd", O="Tsingsoft Imagination Information Technology Co., Ltd", L=北京, S=北京, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211887AD441BA7E15E9131AAA0DEF9248A

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:LtDFacRL8OkN/9084AiE7GYFc7pinWoLe+WZjrZFuQyEEGiRX+papbMt40H8afVW:LtDFpxY9VHNFgAW2e5vzElMpY0H8wVN8

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 50eb4153_stp.exe has been seen being distributed by the following 10 URLs.

http://dw.uptodown.com/dwn/GAHO2VRpC5NL5T5ccGTcVqPTkIHpgOvXAZeVuSWLVs_Ovm4NugjfyCsuSs4E5_Ktye4LkOufgkGfFZbCMlxhUFpZxQKNhahVTWnBBHKFJUS5DHaGX132kmB1lSAGvWmA/OKJqDipnOvbjNZ2K419KmzjpbIHm_60G9yNPNNPp1BzNHhRiZzmg6PoTmoZ3ryWeJPAZgmWI7H9qCROz5kOdH_ttIjb9EqFn3AoctYempIbW4FW2_yaqfC4WKouFHJqc/EYm6rAH0Z8BaGGRJeWjnJZX3M6HHRjCJ18TTSa3HqQak1xnc9KkME1qzlx2A2u8td7JAn3WSaFROIbLNZcEUp4ac49vVdgw756kDRi4xCrQU9DICwEe_jDpcoWhNbHVV/.../

https://dw.uptodown.com/dwn/UMhZA4e830hAAkAKh3Itk8oDD4gby2pSRObQNFkZG8AbSDZT2hrbMCa8tNfCvD7OFbnwL54bmL_NujP_fopYZX6IdPH8fEJROuttUn_ZpKNprwSditdzUr-OetT4x8cn/kB93grEEghs2L5yb8038k20mNBjmH_J3sSdeRoDVYy3Os4d465KAOYZJp26Z59wULgENNb1C4WduKu6xaM-Pq2tEPyC-0vLhz5uhAGhmWFbWPP33OmiYKhbDo4v-gN5c/DZIEzPSMZus1un_VfuAUC-ho3navT2qKGaZb-8FolOBf2CW34mFzPIUdQcm2X4jbeBnQQix0XX94mskyfkLzLztQA8fSpp8qWft7hY9aojRvPWbsyY-1JTi_VBX4CCjC/.../

http://dw.uptodown.com/dwn/ndUZnBLdeBSDC8ddherVDwK3wEnex5LHIc1KXNmqqfsTAVtFfcyMFJK6gCJ0Pfc3llxFmYQGeVpt4yWNDUyaAslkNLeV6q1lJBGKWPX6DAVe6OS9bV9jZqr9I44ievfI/PIQj03Fg9UDM9-MoCz6EjqmUfbX8lhnZKPsYLZN9B7kLLhbBIkIelw0nnH8JYXT3SVhvWmuFZfTBoFp3-asQ5tE_Odsz2Xa-JiZfSbNzx261HitklmvOMRCOB9VNdGQS/W8RNxhPeQFRx0fzT827JGDNHD8lt7AoHXMJYwR56yu-_yw4vBhXChq1GocJH2NU0Fg4Q3uUp8cw6VWO21vCDUYLCj5WTmK-EAgj6t3CVmT8cqy0oM4e__6RlmhbMIUb7/.../

https://dw.uptodown.com/dwn/VCLlZ63V59UVHeT9usfFpmaruTPQgSKpieu_7wJflsekwOcNlAzxH2LFNhTrBAWKdvqL9jIZsJ8SOSe6pgQoHnnIRWV0rPHCwaoenzXIpXuAhYH3Q_tvuYYzroK3CpFN/jb8WcrjhUaLOkCjYwPLapgRU8OZgWo1vIGi2gzW9wxR6d4DN8SxeHFM5lvchydfR_P5hriZiGYGH0EQHQWrRroe0DcEphDhc8gUgijku4dDwlfwjM9YfXexvyrH1Abok/GniNYeKchmMJPvFDdqi93aTc_6BkpcAdHLk0s48m3TtS9a_iDnySXbd9g4339igOdl2CWFnnMgPh2sYL9FNCjzhAVrYGyTuoWaLoy5xW4xz60-WjSlzk_OJtL39tU0sJ/.../

http://dw.uptodown.com/dwn/mgfmg959pRcRDyeQHGnBaA-Q6gcGf0aZSAugjDS6szD9d0fYaKw5FKOEeCCkMtn0iv6GR1ozMeoxRnN998aMWy3bQPa9NQ0m0Eqhd9maC87Hlz2WjSF6Y-kCly-VJIYf/UtWgYABuxhU6BjwHaanKULRMfts8ap7HSq_MxT-j1FuIfB4b8LF5flxj30AXbHbDoirR5Zq8Xz3h9F77fTdzLpFIa542Zt6ZilzEoGOktpxYwd7kI-1TfsDrK3HunFDP/nebdkznNWV3Z1oJOdJXYZewWcRsZaUP4OawsqhKN355eZFY1dcrf58tXMllC5QPq_ionfPoCgQgjsQGRwp8fcjh32tRTGn4OFqogxbEDwyPQIOUe6IiDJb8w_JxSrXX1/.../

http://dw.uptodown.com/dwn/uOXnqZ3Kj90-slp0SvZsthLf980BFaCAnDX84hBsX30AIXRKW88XLtebHoRKfiicjaxw7ABR6Nf9R2oDwIJ62_uu-e2nYCx54_a9U92kztAosmmpVFxxbJLtqU1j-owb/Hj4ZK_vyoH7Xh5wK_ofsLhQgi-qkoBIddmEMCc5JPyBUlW1IkI0f6FuBCPIAwAnEZmt3THlzuNsVisW0X6pP-YNvQhVHW8IwJlStgWRfKWCvalVVAa8GL-y0DJD-viT1/fCwxFFLJPeLwtiPuIOb-jzF6C42X_N7rzs2Q0y6k0vGfRPJwMvmJ_fHFlyupjm3vh1HuaSZZzk1hPYVPy49Gp97fKF5ZOCqz1BOfji8zMqkbIlA4_DTcvGqJSsOcj3b5/.../

http://dw.uptodown.com/dwn/jTtqRGWGgNG2WvBO8mtdIBIjdWPicwhuSWtDbvUzR-ucsvWW_xMGYxdppy3HQ9kIOTvbkLeKI9rW0YMCmCZEwnuxY6aSqvzKUfwsN8cOsxS_NBg82VYkSMF3ndJpr_86/I5TPNWm7KI12RPKwTxbSuJ8eTorkutPfQA_1Xk4-JZFP8vab0_HwuJw9RwPMirjauQ2p0oPgbLgQ0t3oqb4O-jdx3n00n_X8iY8ex7qZRUaH5M1mUTo9-UUgg59_fAQ3/NhCHx0V-gdS0xde944TedL_-8GbCJ3Eo3m892ZbVInWcLI97KB2plSVMpyRBSvAykg0TlXWvLkA-NPfB5PA_7b0TCkWZisIZVAjfjiKuF3NPulmttk1BXSc3pe7Q_-dn/.../

https://dw.uptodown.com/dwn/P09r8_km2YAEqQhoxcXbnwJbtMNw0sSafqohZoBc5ztAbqVDTGazrvh2upD6W0_qPpU2pUyUbwuRmPkN9xIerOhypBdbX-5T6d60oMkzArtX-EywomWSorPcbpbqXnkR/W6rQxY5j2PYwYc_6mLipAatP98PJRoyMhTnK7UFWWb5lEm9lE3SzzE3eK8wJcamjQuxipGQUaDDYYrY55O_JOxNG3TECyla8J_o5EoK6N0cd8V2SHhYAhxleO04-ivfq/Q9pM6-F-MwfVO29JvNo_ZTd8cz8RzCWu10xVydYIVA9bZQdI-TS8wKPseNwqAnpY5HJkSXA9P50_fL7XjxnzaQq4ru7ak-ZQOrHyYxQDeOAIDqtWTuq5SMFno2_zqwHN/.../

https://dw.uptodown.com/dwn/GBPjwmfLk4RV8cojTdrrZM1RKFYHQOdje8A66wvAQ2QukHe7d3_HNV7yTVONsLJWk5OV-4DDv_gJlgLa8XUXkkPJ_N-tbfAc6qmrmQ9CtvZ31cVlEytxMexkiFzMOA-K/zJ17pxpc7sSreXA9_rCPgnMUrRjTTryrIO__XE-u-O6LU08TYqGbIVUaAMRKVXJOtIrdhqyHONeb3Ee4tmnN2aDg6QEIhiRrWBrmRs5Vvw9_t7kspY_PbLr9rwASPN66/f9zA-9fs96-F38ap-TLohPffPQXRx4dWHz6phl9gMvUhfBp5HUNpLTn4QURAJN_bILl1Lg2Bn38kSiRoN5f8ZwO-An0O-cn8Hyb2gRz8fbe5pSR-q5siEcg9agOMN6WM/.../

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-67-230-187.sa-east-1.compute.amazonaws.com (52.67.230.187:80)

TCP (HTTP):
Connects to ec2-54-233-143-209.sa-east-1.compute.amazonaws.com (54.233.143.209:80)

TCP (HTTP):
Connects to ec2-34-198-225-71.compute-1.amazonaws.com (34.198.225.71:80)

Remove 50eb4153_stp.exe - Powered by Reason Core Security