home

fsd8716.exe

Installer

The application fsd8716.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from 113.171.224.209 and multiple other hosts.
Product:
Installer

Description:
Installer-H

Version:
1.0.0.0

MD5:
353ca2e9685ed8c67b118775eecdeac5

SHA-1:
c98d7cf7ae934a46ce23df3017469b961c862ad9

SHA-256:
cbc817fab4d883cfbf0153c7f63fd231c7406eb752782e80ecb4aa20939c54ed

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/16/2024 8:38:37 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.146056
5704914

AhnLab V3 Security
Adware/Win32.Imali
2015.06.25

Avira AntiVirus
TR/Dropper.MSIL.Gen
8.3.1.6

Arcabit
Trojan.Zusy.D23A88
1.0.0.425

avast!
Win32:GenMaliciousA-FRH [Adw]
150602-1

Baidu Antivirus
Adware.MSIL.Imali
4.0.3.15624

Bitdefender
Gen:Variant.Zusy.146056
1.0.20.875

Dr.Web
Trojan.Crossrider1.31615
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Zusy.146056
10.0.0.5366

ESET NOD32
MSIL/Adware.Imali.A application
7.0.302.0

F-Secure
Suspicious:W32/Malware.c98d7cf7ae!Online
5.14.151

G Data
Gen:Variant.Zusy.146056
15.6.25

MicroWorld eScan
Gen:Variant.Zusy.146056
16.0.0.525

Norman
Gen:Variant.Zusy.146056
02.06.2015 14:23:46

Rising Antivirus
PE:Trojan.Win32.Generic.18C9074B!415827787
23.00.65.15622

Sophos
PUA 'Offer Installer'
5.15

File size:
2.9 MB (3,001,344 bytes)

Product version:
1.0.0.0

Original file name:
FinalInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\fsd8716.exe

File PE Metadata
Compilation timestamp:
6/24/2015 7:06:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:uCZFU36kcZwzMgmjjTySlH4eBjMxXRhCsH25:uIYXc+zXmOaH4eZMxP

Entry address:
0x2D2B8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.4473

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.8 MB (2,952,192 bytes)

The file fsd8716.exe has been seen being distributed by the following 6 URLs.

http://113.171.224.209/.../FinalInstaller_dotnet4.exe

http://shooky-26-05-2015.s3-website-us-east-1.amazonaws.com/FinalInstaller_dotnet4.exe

http://113.171.224.177/.../FinalInstaller_dotnet4.exe

http://201.31.162.82/cache/shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../FinalInstaller_dotnet4.exe

http://shooky-14-06-2015.s3-website-us-east-1.amazonaws.com/.../FinalInstaller_dotnet4.exe

http://s3.amazonaws.com/shooky-14-06-2015/.../FinalInstaller_dotnet4.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-1-45-42.compute-1.amazonaws.com  (52.1.45.42:80)

TCP (HTTP):
Connects to 194-100.colo.sta.blacknight.ie  (78.153.194.100:80)

TCP (HTTP):
Connects to 184.172.106.42-static.reverse.softlayer.com  (184.172.106.42:80)

Remove fsd8716.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.