» 60979179_stp.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

60979179_stp.exe

Pando

Pando Networks, Inc.

This is a setup and installation application. The file has been seen being downloaded from www.pando.com.

File name:

60979179_stp.exe

Publisher:

Pando Networks Inc. (signed by Pando Networks, Inc.)

Product:

Pando

Description:

Pando Setup

Version:

2.5.2.0

MD5:

fbb42bc3ed76430578dcb772c3983f31

SHA-1:

9d72df76e20a4074bf52a9c0b9c5a70a2d0a7148

SHA-256:

43dd6bb31a4c5a7ffb9ee249f04986c11940b5aefae64a69fe30387e913b97fd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 3:45:11 PM UTC (today)

File size:

9 MB (9,464,920 bytes)

Product version:

2.5.2.0

Original file name:

PandoSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\60979179_stp.exe

Digital Signature

Signed by:

Pando Networks, Inc.

Authority:

Thawte, Inc.

Valid from:

4/4/2012 9:00:00 PM

Valid to:

6/29/2014 8:59:59 PM

Subject:

CN="Pando Networks, Inc.", O="Pando Networks, Inc.", L=New York, S=New York, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

69FD587152CFDDF516423156E752D014

File PE Metadata

Compilation timestamp:

12/3/2012 12:49:38 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

196608:VS42pa8bxBEg6CSiI1uZR8m/BwYF87KesZt9ilV7pIDNi+ju:IBpayR69iI4ZR8melpssbaDNi+ju

Entry address:

0x192AF30

Entry point:

60, BE, 15, 80, 42, 01, 8D, BE, EB, 8F, FD, FE, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E0, 8B, 92, 01, 57, 83, C3, 04, 53, 68, 18, 2F, 90, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

9 MB (9,453,568 bytes)

The file 60979179_stp.exe has been discovered within the following program.

FlashPeak SlimBrowser by FlashPeak Inc.

FlashPeak SlimBrowser bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar. Once accepted, the packaged executable, ConduitInstaller.

www.slimbrowser.net

About 5% of users remove it

The file 60979179_stp.exe has been seen being distributed by the following URL.

http://www.pando.com/dl/.../PandoSetupNCI.exe

Scan 60979179_stp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.