dap10i_8a22257cae_setup.exe

Speed-Bit LTD

The application dap10i_8a22257cae_setup.exe by Speed-Bit has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from d1ih5upz66zwom.cloudfront.net and multiple other hosts.
Publisher:
Speed-Bit LTD  (signed and verified)

Version:
2.7.0.999

MD5:
abb6e0a02e16c9ca64acdc3dc2ee6a60

SHA-1:
b67e020a6d0990ed184252fffcce4579afa6e1e8

SHA-256:
fddc65daae047791d26a78f87b58658f81729b9608dc4e7ab30cce3398b61336

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, and may deliver ads by injecting banners and text links directly into web pages.

Analysis date:
4/27/2024 3:00:39 AM UTC  (today)

Scan engine               Detection                                          Engine version
AhnLab V3 Security        PUP/Win32.CrossRider                               2015.04.23
Avira AntiVirus           ADWARE/SpeedBit.1045208                            3.6.1.96
Bkav FE                   W32.HfsAdware                                      1.3.0.6379
Dr.Web                    Adware.Downware.10978                              9.0.1.0113
ESET NOD32                Win32/SpeedBit.F potentially unwanted (variant)    9.11520
Fortinet FortiGate        Riskware/SpeedBit                                  4/23/2015
McAfee                    Artemis!ABB6E0A02E16                               5600.6786
Trend Micro House Call    Suspicious_GEN.F47V0416                            7.2.113

File size:
1020.7 KB (1,045,208 bytes)

Product version:
2.7.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\dap10i_8a22257cae_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/18/2014 2:00:00 AM

Valid to:
9/3/2016 1:59:59 AM

Subject:
CN=Speed-Bit LTD, OU=SECURE APPLICATION DEVELOPMENT, O=Speed-Bit LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5127CA1D2884A29076DEE232533A5040

File PE Metadata
Compilation timestamp:
4/16/2015 12:51:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:SiCzMLfyET0Ftjmw0FSmHAwuBoNMuO31BG1a:XLqET0FtjV0YmAwqlBG1a

Entry address:
0x5D4B3

Entry point:
E8, B5, CD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 38, EB, 4B, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, B7, 4B, 00, 01, 0F, 82, F1, CE, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02...
 

Code size:
531 KB (543,744 bytes)

The file dap10i_8a22257cae_setup.exe has been seen being distributed by the following 17 URLs.

https://d1ih5upz66zwom.cloudfront.net/.../dap10i_ya1b_setup.exe

https://d2s42bl77ar0ja.cloudfront.net/.../dap10i_6b902d4637_setup.exe

https://d2s42bl77ar0ja.cloudfront.net/.../dap10i_ya1b_setup.exe
