free_mp3_cutter_and_editor_2.7.exe

Soft Application Program

International Data Group Poland S.A.

The application free_mp3_cutter_and_editor_2.7.exe, “Soft Application Program Setup” by International Data Group Poland S.A., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.quickfarmbundle.com. While running, it connects to the Internet address 50-87-127-62.unifiedlayer.com on port 80 using the HTTP protocol.
Publisher:
International Data Group Poland S.A. (signed and verified)

Product:
Soft Application Program

Description:
Soft Application Program Setup

Version:
2.1.3.8

MD5:
227b03ae40398e4b5d238a6a8655f288

SHA-1:
320d7a04e4fe5f6f38b0e7988aa92aa6a18c0310

SHA-256:
0b82ef5832bbe200618195f3ee2053b2cbc9825f396fe1d26c1ce9f388f9bcc1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/27/2024 2:14:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.8.2

File size:
1.7 MB (1,812,216 bytes)

Product version:
5.5

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\free_mp3_cutter_and_editor_2.7.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/30/2016 11:21:17 AM

Valid to:
8/31/2017 11:21:17 AM

Subject:
CN=International Data Group Poland S.A., O=International Data Group Poland S.A., L=Warszawa, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
64A80379DAA3514FAED45E16

File PE Metadata
Compilation timestamp:
7/9/2014 8:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Entropy:
7.9594

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file free_mp3_cutter_and_editor_2.7.exe has been seen being distributed by the following URL.

http://www.quickfarmbundle.com/jt1EjhGsfExtwxTlv1XmWP6dSvRsG_UyHrikVg7UO1aTuLELtOyqw39a6fvJT0k1CntExPds33lpfPsjQfTJsFcTcRa5ffDsHqvZbzVA3B0WJrVfkgL7ovmMIBE phkRhIFJ oeso_HwYAOBQARkykUd8d2z_79RlYYTFqmfqnMtZe_KmNRr1wpFI8jhREUdsDB228eq6g3jOInutuzm7 MMZj1Kpk6 BPecoeUhyoiKPFeEz1RkziSD5jOX4cimMTAWwjAmsF7V7jLFrOzPlofVXeh_XsRVvj07GW7IhZ7LNidqRMtYtAbUn0VtvNt5Eov_O5yVHfmLlEbJ3E SwY85Jxv2npKZ2TdTjDPN1J3SbOTWDbRuu1e1qGAe5nBnHfd1NWtDAACKgnh5EydTUPZFMzY7h8drfQsyysULXsN9eHGQxIK_Q1hZGp8JihzeFJ hi1nJnPUTrVdBeH8XZ4UXAxlaIQ0ncP6AR9UeG6pgn8uNIpQzFZboIMTTVBoUdwddc3QD nisH_OCmZBvEGwpW1ycVLkWStM47BbkZkLfRNo CPflxxjdG982ci9JG3wjNn7xkhSSxlgwC9Mn0ivFHG5EaEFt4Zo0oyzYkottv9kwb DZt5 JEoLUCU0T4tOFneZ7jsbn 63nJVo0cxJDUJpNYA==-GzMAAATKbbFtYSGaBcGQLwri_kFwyAH7vyIIEIONsXMFDcobE3_HzXr6lHx1zlXDEm8j3 AD

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-154-229-88.eu-west-1.compute.amazonaws.com  (54.154.229.88:80)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to 50-87-127-62.unifiedlayer.com  (50.87.127.62:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.155:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com  (52.208.40.227:80)

TCP (HTTP):
Connects to 92b91b2d.rdns.100tb.com  (146.185.27.45:80)

TCP (HTTP):
Connects to ec2-54-213-173-59.us-west-2.compute.amazonaws.com  (54.213.173.59:80)

TCP (HTTP):
Connects to ec2-54-191-59-48.us-west-2.compute.amazonaws.com  (54.191.59.48:80)

TCP (HTTP):
Connects to ec2-54-186-47-57.us-west-2.compute.amazonaws.com  (54.186.47.57:80)

TCP (HTTP):
Connects to ec2-54-186-199-44.us-west-2.compute.amazonaws.com  (54.186.199.44:80)

TCP (HTTP):
Connects to ec2-52-49-170-39.eu-west-1.compute.amazonaws.com  (52.49.170.39:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to ec2-52-26-136-207.us-west-2.compute.amazonaws.com  (52.26.136.207:80)

TCP (HTTP):
Connects to ec2-52-206-2-43.compute-1.amazonaws.com  (52.206.2.43:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com  (146.185.27.53:80)

TCP (HTTP):
Connects to 10gbps.io  (185.59.222.146:80)

Remove free_mp3_cutter_and_editor_2.7.exe - Powered by Reason Core Security