cp_ga.exe

CeedoInstaller

CEEDO TECHNOLOGIES (2005) LTD

This is a setup and installation application. The file has been seen downloaded from gsf-cf.softonic.com and multiple other hosts.

Publisher:
Ceedo Technologies Ltd.  (signed by CEEDO TECHNOLOGIES (2005) LTD)

Product:
CeedoInstaller

Version:
3, 5, 0, 6

MD5:
fb06f8303d0b5ed6405fa7aa8d3e375f

SHA-1:
9a828cb014979cba4a1a869d2fd3ecfa3276eb15

SHA-256:
13d2f30ecedcef0cfcd6dfd49f1b6204a185436cf3809349b3300b77e2b5756e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/22/2024 7:33:08 PM UTC

File size:
981.5 KB (1,005,056 bytes)

Product version:
3, 5, 0, 0

Copyright:
Copyright © 2005-2010 Ceedo Technologies Ltd.

Original file name:
CeedoInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cp_ga.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/20/2009 8:00:00 PM

Valid to:
11/10/2010 6:59:59 PM

Subject:
CN=CEEDO TECHNOLOGIES (2005) LTD, OU=SECURE APPLICATION DEVELOPMENT, O=CEEDO TECHNOLOGIES (2005) LTD, L=Rosh Haayin, S=Sharon, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
74813FF943D264E20395C871C68A439C

File PE Metadata
Compilation timestamp:
4/7/2010 11:56:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:tvDs4f0MteA/qp/sjtHJ0+Sv+ZBENwTRw8Lil5o7GQsu58BVv+:OdA/ukHS+ScCwTqV5o7xx58BVW

Entry address:
0xCF41

Entry point:
E8, F9, 6E, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, E8, 6B, 46, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, E8, 49, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, C4, D0, 40, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83...
Entropy:
7.8429  (probably packed)

Code size:
136 KB (139,264 bytes)

The file cp_ga.exe has been seen distributed from the following 5 URLs.

http://gsf-cf.softonic.com/9a8/28c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55588&instance=softonic_en&type=PROGRAM&Expires=1463021395&Signature=AEMw7nSEdnnDgBitLdOykH0j6iO~0xyd2ZC9bLK8HfE4PQWUEsIsX2MEgm3ZpL8bsjZVwoKcpXO3jyCW2v9C-oRWakwq-dM7JIVNcUFD2MbxWEwcuVWbb5YYygczwHcMTpC3183dzhhY2XlFFVV8KrpInMZj47t6PgNhW0zlqf4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=cp_ga.exe

http://gsf-cf.softonic.com/9a8/28c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55588&instance=softonic_en&type=PROGRAM&Expires=1465543348&Signature=HbLX1tGKSYKm5VcxuBQ9loTcNMT7KueemXFx9vrXi8xTZJggC1QKpn-el2oyMn2jpdP8ExZPj4bwUWFKfs4SKl9oh7NcPaSRYqz9xohs2nNY-XvTZR2mo1iVxYIBSVzjuseZPxnQC8BocnI60uXQbY1fOvHb72Wxbgx0nMtZc5w_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=cp_ga.exe

http://gsf-cf.softonic.com/9a8/28c/.../file?SD_used=0&channel=WEB&fdh=no&id_file=55588&instance=softonic_en&type=PROGRAM&Expires=1475980403&Signature=a5tY40sUhDbZ6Xk06G-Bn4dBcq30zdwm0jTSsxxXGF32dd69mhFaSkm6-a~fS7hFX4A~oiC3dNwz97ggdcvVJKtrQlEhkTjcaj6QhQY2G4YCcXJLfQAFJFYVXP4hF7d1ODDUBbarfuiMVDxJ6jXra2IXPNrt2Grabp0zEbiypqE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=cp_ga.exe
