» hopper-1.2-2008-110600.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (5)

hopper-1.2-2008-110600.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.lo4d.com and multiple other hosts.

File name:

MD5:

4c4dbfa3e810daed24fb1d2c13db904c

SHA-1:

66677c1b961ca65749d03e3e4f40f12be5095b6e

SHA-256:

89528f6cc28d8634d9236e5e327883bbdc7b4e020adc2b072bfe0b40a7f74cb4

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 2:18:26 PM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

Trojan.Agent-21984

0.98/18155

File size:

4.8 MB (5,055,837 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Scriptable Install System

Common path:

C:\users\{user}\downloads\programs\hopper-1.2-2008-110600.exe

File PE Metadata

Compilation timestamp:

2/8/2008 10:25:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:dQYPTAn54I1dMJahGOdXiYjN6uBE1lwMtJzb9WP05tFSB7ODznQUapnGwaNxILC:dPO2I1dlddLjvE1K0b9G0xfn1aZGLHIu

Entry address:

0x30ED

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 58, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, E1, 2A, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 90, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 4C, 91, 40, 00, 68, 60, E3, 42, 00, E8, 98, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 86, 27, 00, 00... 
[+]

Code size:

23 KB (23,552 bytes)

Scheduled Task

Task name:

{F128F11A-CB36-43BF-BCB4-75B312539A7E}

Trigger:

Registration (Runs on registration)

The file hopper-1.2-2008-110600.exe has been discovered within the following program.

Baidu Browser by Baidu, Inc.

25% remove it

The file hopper-1.2-2008-110600.exe has been seen being distributed by the following 5 URLs.

http://www.lo4d.com/get-file/wifi-hopper/.../

http://soft.archive2.clubic.com/files/abf96a73213c6e977074b1f70ca2862f/52ffdaa7/.../wifi-hopper_1-2_fr_192846.exe

http://wifihopper.com/binaries/.../hopper-1.2-2008-110600.exe

http://wifihopper.com/binaries/.../hopper-1.2.exe

http://113.171.224.170/.../hopper-1.2.exe

Scan hopper-1.2-2008-110600.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.