» 7sr-2014.3.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

7sr-2014.3.exe

7 Speed Reading 2014

eReflect Pty Ltd

This is a setup and installation application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘{45E6AF0E-695A-4B3E-9E84-FA201902875B}’. The file has been seen being downloaded from s3.amazonaws.com.

File name:

7sr-2014.3.exe

Publisher:

eReflect (signed by eReflect Pty Ltd)

Product:

7 Speed Reading 2014

Description:

This installer database contains the logic and data required to install 7 Speed Reading 2014.

Version:

14.3

MD5:

aa02a7b7454e2c68650e1744deb548f2

SHA-1:

a8a99ad30f76f71d1d1353a2536898e56eda1e5e

SHA-256:

4286a647101c9f790ca5a431ee2ac250a96b22e99e37309ed049318bea1caeab

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:13:20 AM UTC (today)

File size:

493.3 MB (517,259,056 bytes)

Product version:

14.3

Original file name:

7sr-2014.3.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\ereflect 7 speed reading 2014 (windows+mac) + ereflect confidence in context\ereflect 7 speed reading 2014 windows version\7sr-2014.3.exe

Digital Signature

Signed by:

eReflect Pty Ltd

Authority:

DigiCert Inc

Valid from:

3/27/2012 8:00:00 AM

Valid to:

3/19/2015 8:00:00 PM

Subject:

CN=eReflect Pty Ltd, O=eReflect Pty Ltd, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

01EE0E057D13F39FEA5B70E9BCE516A7

File PE Metadata

Compilation timestamp:

6/26/2012 6:05:58 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12582912:NsdL0CVcUwkpP6B6ICcUr2+A4rzLqlFGuPJSJuc:ALaUwkt6aDrZnml0yc

Entry address:

0x2E0AE

Entry point:

E8, 90, 91, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, FF, 75, 10, 8D, 4D, F0, E8, 8A, FA, FF, FF, 33, DB, 39, 5D, 08, 75, 2E, E8, 3E, 2B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, C6, 2A, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C7, 00, 00, 00, 56, 8B, 75, 0C, 3B, F3, 75, 2E, E8, 08, 2B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 90, 2A, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8... 
[+]

Entropy:

7.9996 (probably packed)

Code size:

253.5 KB (259,584 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

{45E6AF0E-695A-4B3E-9E84-FA201902875B}

Command:

"C:\users\{user}\downloads\ereflect 7 speed reading 2014 (windows+mac) + ereflect confidence in context\ereflect 7 speed reading 2014 windows version\7sr-2014.3.exe" \cmdloc "hkcu\software\ereflect aite

The file 7sr-2014.3.exe has been seen being distributed by the following URL.

https://s3.amazonaws.com/.../7sr-2014.3.exe

Scan 7sr-2014.3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.