connectifyinstaller_5.exe

Connectify

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Connectify-Installer’. The file has been seen being downloaded from www.ex.ua and multiple other hosts.
Publisher:
Connectify  (signed and verified)

MD5:
66d77486462b9f52755ab0cdeb7def16

SHA-1:
440ffd195f2bccb9c116f9f3ad801b0fec7c31c5

SHA-256:
f7d9641a425a9b6e643f8d7f4f50bbbce5202a6ae209c7cf0e1e6917ff2dd356

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/13/2017 2:48:49 PM UTC

Scan engine:
Rising Antivirus

Detection:
JS:Malware.OddJS!5.3E

Engine version:
23.00.65.131224

File size:
7.4 MB (7,797,992 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\connectifyinstaller_5.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/24/2013 2:00:00 AM

Valid to:
8/24/2014 1:59:59 AM

Subject:
CN=Connectify, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Connectify, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71844350E30B64B59FD6BEC66B063550

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:d9uFZj2AELqVfEADUbxfVnj8Gm7ksMiPJEP0VpyU:fE0kspbzjbXiPJ9KU

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Connectify-Installer

Command:
C:\users\{user}\appdata\local\temp\{random}.tmp\connectifyinstaller_5.exe


The file connectifyinstaller_5.exe has been seen being distributed by the following 29 URLs.

http://www.ex.ua/.../95842397

about:internet

https://dw.uptodown.com/dwn/nda2dPdeJ1HN7Xc8Fw3m-c6-p39-iVu1dNuYa4Eq7T-u_jiYNQi2pM1Yrcuz6BuXpiO2t314TwNjov450qQxeSkjTjl1je6mRWSPmEz74FSipazXS0QEaMElm3zHDLIR/_OTH07qbgbBDf-tmsAW_KGsfzvhsmFI5846yoMsYzq3zfO01TQHFTH8w_nvw68ROF65Xt8ihjDgz8G30XJ67c4lyCyvXQXqsquVnhtvaDTzsn56ncmO0xks_yN0dzP2a/NTWPWsWvYK6q7U30utP5Zg5r_lTTEn2OZQ0mNxOVHXIjdps_m9ELpIqVw3XNsmYc2P58p3ekNKIo1mPVJBp50SxgE534BJbnzth4dCIAI6UJZDKl11jUdP4hAFViHLqA/.../

http://www.techspot.com/downloads.php?action=download_now&id=4899&evp=85b09b335c2e99db6bf73962b2210f0a&file=1

Scan connectifyinstaller_5.exe - Powered by Reason Core Security