» ptc-creo-3.0-m020-_-helpcenter-x86-x64-multilanguage---9.13-gb_downloader.exe
Overview
Analysis
File Details
Downloads (1)

ptc-creo-3.0-m020-_-helpcenter-x86-x64-multilanguage---9.13-gb_downloader.exe

Lucky Installer

Goldencalf LLC

The application ptc-creo-3.0-m020-_-helpcenter-x86-x64-multilanguage---9.13-gb_downloader.exe by Goldencalf has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dll513.yourfd.net.

File name:

Publisher:

Lucky Inc (signed by Goldencalf LLC)

Product:

Lucky Installer

Version:

1, 0, 605, 1

MD5:

96a468ea8852b5dfea02bd8640ff2701

SHA-1:

2afa416b695db52390122026ff845ecec7b2d2dc

SHA-256:

6f6ad044ec59ee6776dafe5db8f0240862ed1a7e2b672ff27ee3502367bbc24c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/19/2024 9:51:01 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Goldencalf.Installer (M)

16.1.23.18

File size:

4.2 MB (4,413,440 bytes)

Product version:

1.0.0.1

Original file name:

LuckyDownloadInstaller.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\ptc-creo-3.0-m020-_-helpcenter-x86-x64-multilanguage---9.13-gb_downloader.exe

Digital Signature

Signed by:

Goldencalf LLC

Authority:

Goldencalf LLC

Valid from:

3/27/2015 10:26:58 PM

Valid to:

3/26/2016 10:26:58 PM

Subject:

CN=Goldencalf LLC, OU=Goldencalf LLC, O=Goldencalf LLC, S=London, C=UK

Issuer:

CN=Goldencalf LLC, C=UK, S=London, L=London, E=admin@goldencalf.com, OU=Goldencalf LLC, O=Goldencalf LLC

Serial number:

100001

File PE Metadata

Compilation timestamp:

3/24/2015 12:53:32 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:HAR9rSG0eXB5R6d8NVdpQD/zQjwzk3z5j:6sFSl6amDzx6Vj

Entry address:

0x48ECB7

Entry point:

9C, 60, C7, 44, 24, 20, 51, F6, 08, 2A, C6, 44, 24, 08, 96, 51, E8, 9E, F1, 05, 00, 04, F1, F8, F9, E2, 0B, F2, 32, 4B, 46, 2E, 1D, 5B, C9, 43, 5D, 0F, 45, A2, 59, 78, 7F, C9, 8B, CD, 97, 40, 9D, 52, A7, 2C, BF, CE, C9, 0C, D3, 8D, B5, AF, EC, 15, DB, 80, 5A, 2F, A6, B4, AE, B6, AB, B6, CF, B0, B8, 72, 90, A4, E2, 19, 63, 73, 88, BE, A1, CF, 4D, 5E, 24, 92, BE, 4A, C2, F2, A6, BC, EB, 04, 81, 12, B8, A2, 9D, 59, A1, 32, E9, A5, 8F, 01, C0, B1, EE, D6, 0A, 93, 33, 75, 4E, 85, 27, CA, 9A, 36, AD, 4A, A9, FB... 
[+]

Entropy:

7.9210 (probably packed)

Code size:

794.5 KB (813,568 bytes)

The file ptc-creo-3.0-m020-_-helpcenter-x86-x64-multilanguage---9.13-gb_downloader.exe has been seen being distributed by the following URL.

http://dll513.yourfd.net/j5GVY0Gdiklj2 AMJIj8Dj6O5Wo57ZEuerSeKnS8hCEztN1hB KvIxDgwBJftIUKQr2bAEeBng4bwcosF9EvQg3BQjVkhHpGd8A/SH/MKbB6xTP0J2Jw72s1Lb9qPRCgeHxE5RZ TOk5fUmiXj5F0Q96U84Rf03SBkEAllxLLdodR3iGpEQtyNlcIsz BSam7FA8qfkhPbi4JzKivDwFoMEvCqLMJBuimwA6 dg9EI/xPxmO0QsmhdlZTcnODPKs1xy4xvNIp8rwRaPO ku/Ov9a4GaN6Ph4vrmqOL/rmSe/6pIk1KCbLt6knC/cqIIV16nUQsCQ3BvPlZtam5WCe9jAogpn3u9YZ8DwEjueoTFh2KAkZp wLyv2 z17poVuK/TUZwSk1DMAv4gmF7qSWxjvkV4H08xSB9PICwuLMEVb2WAScZJoS3/.../

Remove ptc-creo-3.0-m020-_-helpcenter-x86-x64-multilanguage---9.13-gb_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.