» opsetup20166.exe
Overview
Analysis
File Details
Downloads (17)

opsetup20166.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.

File name:

opsetup20166.exe

MD5:

a94979bfbb1cf22e651a597487be8e63

SHA-1:

c163ad1e3ad0e936b7d0491c2d68a223ddc796fa

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 3:22:25 PM UTC (today)

File size:

3.1 MB (3,230,561 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\opsetup20166.exe

File PE Metadata

Compilation timestamp:

3/16/2003 6:40:57 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:BQGkUOMtAvUnbr2kP6HNow26XPM/Ht4ylaZ3:4wAvameT6X0myg3

Entry address:

0x3E2A

Entry point:

83, EC, 0C, 53, 55, 56, 57, FF, 15, A8, 70, 40, 00, 8B, 35, 98, 92, 40, 00, 05, E8, 03, 00, 00, 89, 44, 24, 14, B3, 20, FF, 15, 2C, 70, 40, 00, BF, 00, 04, 00, 00, 68, 20, FB, 79, 00, 57, FF, 15, C4, 70, 40, 00, 57, FF, 15, C0, 70, 40, 00, 50, FF, 35, 98, 92, 40, 00, FF, 15, 5C, 71, 40, 00, 80, 3E, 22, 75, 04, 80, C3, 02, 46, 8B, 2D, 14, 72, 40, 00, EB, 09, 3A, C3, 74, 0B, 56, FF, D5, 8B, F0, 8A, 06, 84, C0, 75, F1, 56, FF, D5, 8B, D8, 89, 5C, 24, 18, EB, 05, 53, FF, D5, 8B, D8, 80, 3B, 20, 74, F6, 80, 3B... 
[+]

Packer / compiler:

Nullsoft Install System v2.0b2, v2.0b3

Code size:

23 KB (23,552 bytes)

The file opsetup20166.exe has been seen being distributed by the following 17 URLs.

http://www.ranchsendgift.com/to76FWgdQPf6I1YIkkUGiD06I6JL4ZexNncJC8rJMv48IoDoZKftYKksDErWpXd9YY2fRWnbt2BdJ1ZJyspaYiVVWW2IG 1wmeEKWWLl4S5QuJXxaeYXAtP6zA1ACGxRrto8zWoUfM1kKT8uBHzKVk4nygzZmnLLKZU_j3N5oH0hmMGK C2G_vg uP8uI5HQDL8ZTxly6BJZyBTqmbkGxF5ENr_43A==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://files.downloadnow.com/s/software/10/25/65/.../OPSetup20.exe

http://www.ranchsendgift.com/Ruk0udYwPvX7BqwCuflPAV6uJ6cmxKojICIVEb27TF2RTUCuTRIU5r9 Hppq_Afh59tLqOlmCtTJEdWXNxTjFQ exlv89wnkwFaLpy C2Ri1kvzoy DKiIEknY20JoJUd1jrmXGFcv0FLfnvEeO pmmhV9FQKVfHiwpgw9SYqfAmlrSgf6CODTGEdkZvE8ofzhoTRGYWTIYTt4vxUIsjKg5 rX1Hnw==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://www.towerbitscenter.com/zv3x78Rz imF_139au_wW5N2T_olh1gO18WUnZC0upiTyYnG06RubJJIS19VYUf2pUIT7XVoczqgz4Y MfK4BjQp_gTKKzeEPR3GRjNMulGfu3Oc bPpDu2lxb00ZpgSY8jS_0AxHMbxabP0IRvwajT7U1ytwgscDruev_n8zaY2gICJ83SsQM6e_mLrEZg_mH5gifj20Exgvy6PR9ihlwPiMcLung==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://www.ranchsendgift.com/aL35maaah6txWpMBTuIWYyM6efpeADg1GkYx3zfdqKCJD3xKneUH1LIpN8d1b1EXQhj2mfy6nyAY3LZk_JWM5BRm8FiYCBP748djf ctR0ebnMLUYz45q2XMs7OzcCsmAY8aMLVdt9jMQfG4PmScpGON8p4_vc2OPkSit3nmrZ MtWUiDTQTFK12HYtXbojDakUhJ3rFPXhSjfefoo8NT5Bzqbg7l 4ICpLwNw9z7VStJkFsH_0LHCP4o6W2ij8cp2hK6K7m8G77kwMmbIWU6Jpgi4m9B eEsAWswm_Ps045_d93zOIS4Z5 G8dOGMDMdNxZmcqK2lUp4l6R8YAjC 37QyLr45Yi3SQWBAal7C8ZrPFljJCboRhYmA1wo06UiEqjS3T2tvYH AUYyXJqlik01l86Nq1zgYe7QTRMlX5FiTWDoQ9HHeoBOLFDOC3GK VcTU0VWOXX9ICAn8qS805bWR3Hxw==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=-e

http://www.ranchsendgift.com/sgCsLaDYpwgrw_yxByTZwFipZmXR4mcZPbjfwjV2J3s_rHm7t9YZfXGA28Y0JjPQ1p8j5YMCuPWIQZEi8V1sm0bUpoLkoIbAFHEQDfi_cC4Y_viLfjObgvs0Rvw9UrozbxOpL7XzMmUvR2eeIHYp3etinwRU87Ww2s4vB3Zv54AintbhP1fSv op0P8sN89HxWScfE3TJV0tq 9rA0YwUbvT0rr9ZQ==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://www.ranchsendgift.com/NB7jOdKTn2t4ykD3FmYIVZbFE4RrsOO6i 3Uoxnijq3 GnqRLUcJmeTMiJ9QnlEFauOzaUeyA4hQK8xJfGuZPJJFm4kb6LGWnF0 IImZNYSXinQ14DWhiCWdLJOIEI9pGv0IduXUz9cCjjin1xUcaF50NCxyqwE8mnRVDBl7JCo2j2Y0b4OofUsp3HZzZEAVlJ kKgGWu9v_r3WIETFNTq91vZwwEg==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://www.ranchsendgift.com/gAwGWhkTFC2T slj V_rSqWmmLOAFikm9ndZe1i4P46aV4Dz7ZJd9aUgRZnAYoiBP3JH4r7OKk 0VtQdEfJiFpcotvTfVJr B68uGJUGoKr54J5dGM3tiG3MlSHbMg75O3VtaAOHQ_6JoDac_4r9hzHwY1mlfBUGm3FMt 4u4xiuphSsWCkm_4K1sXD3vGfRH97QkcghkjVeHrbU1im9M1doK0aEfwfDrSmayQFYiaPOuwuk48gHwHk6S2NcOd4fZyhabZO1Ahr4ZZ oSso0py1ilZDivJi X2pWc2iX0enzxP8oij3l21wnqLFwdDU0qjXs9t0m4WIcjYVzNKuJUIlLzJZIKEwVzpnVUPl8iZx886VGq_eP4eH51bsNoI817bVYPbaPRg tskaPbvJS QUHzYU rgrNeBs6UnA2l CzN5 kqnE=-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=-e

http://www.ranchsendgift.com/9wV0InxFx8mTqCOfqKLv_pD73G7lSkyjTM0M7lcdVoDPFbROsJzfTBxMMFDUVHmqQXMwOsH_qxky8X1FwQdDKMKzLnSPO7Tz3ZWLyVbf1JGkQpRaxOLATIF0SabJ7rMBmplHqfzhW1Bm8X38lEGE48tLJOQoXH3sUBeWOd0tsGx Ca8uGIEJ4I5K9R_xA3BuRW6RezesKlnarAXRpJluftcvzX94HA==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://www.ranchsendgift.com/a8IY6k6fu8vzhkzl4FNXlA44NOmifRk0nXOvn2QU9cW6CiFpmcD9ewVCm fr2J3hG6O6zrZuI4cyv1vC2ju9_X67SRo6IHs85xWUcH3SuB2VoAE12FCtHOKHBRqgDZPVbV4Jf7NsT2NI73rn3BxnoYkoz7A0oUz2Fmz9ie3TzgmCwwSQpOe39CJ3mpzi_5HX5cv98lhLRiF5OKTSz Askgw7yYJRuw==-G0EAAEQ3F5s2S1UwJIVF8dwffsc4YP8XGfB8GDyGz6egxm M8bd6JuOrWUuZ6RxsxuFYzXHuIqtCeAA=

http://ultradownloads.com.br/.../2,981136.html

http://officeprinter.software.informer.com/.../

http://www.mossbaysoftware.com/officeprinter/.../OPSetup20.exe

http://www.mossbaysoftware.com/officeprinter/.../OPSetup20166.exe

http://www.toucharger.com/.../?count&i=12146&n=1&d=1&t=1

http://www.businesscardsoftware.net/.../OPSetup20166.exe

http://www.logitheque.com/.../1f2ce934.dl

Scan opsetup20166.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.