realappeal.exe

AddLive

LiveFoundry Inc

This is a setup and installation application. The file has been observed being downloaded from d36pfzlm4aixmv.cloudfront.net.
Publisher:
LiveFoundry Inc.  (signed by LiveFoundry Inc)

Product:
AddLive

Description:
RealAppeal Installer

Version:
3.0.16.5

MD5:
d93af42682c48a784195a09c1f7527e0

SHA-1:
7750243248d408cfea699f9401826e411574f12e

SHA-256:
0bbbb598d6a397ac2421f0267a75bae6df20a320c83d81d4e322594059da10b2

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/4/2024 9:57:31 PM UTC

Scan engine:
Dr.Web

Detection:
Trojan.DownLoader19.38140

Engine version:
9.0.1.05190

File size:
3.7 MB (3,900,232 bytes)

Product version:
3.0.16.5

Original file name:
RealAppeal.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\realappeal.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/14/2015 11:04:34 PM

Valid to:
2/11/2017 10:05:22 PM

Subject:
E=support@addlive.com, CN=LiveFoundry Inc, OU=IT, O=LiveFoundry Inc, L=San Francisco, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121753220DB0119A3C11D554FB319B6954A

File PE Metadata
Compilation timestamp:
4/14/2016 5:35:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:3uZnK/oClBWTbpGyxOQiqpLWlGG2YV4BBsPacyisw:J36t1xj7pLUGGGcyisw

Entry address:
0x689CF

Entry point:
E8, 47, 0A, 00, 00, E9, 80, FE, FF, FF, E9, 3B, FB, FF, FF, 55, 8B, EC, 5D, E9, 94, F8, FF, FF, 55, 8B, EC, 6A, 00, FF, 15, 1C, D2, 49, 00, FF, 75, 08, FF, 15, 18, D2, 49, 00, 68, 09, 04, 00, C0, FF, 15, 94, D0, 49, 00, 50, FF, 15, 98, D0, 49, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 85, 59, 02, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 28, 54, 4C, 00, 89, 0D, 24, 54, 4C, 00, 89, 15, 20, 54, 4C, 00, 89, 1D, 1C, 54, 4C, 00, 89, 35, 18, 54, 4C, 00, 89, 3D, 14, 54, 4C, 00, 66, 8C, 15, 40...
 

Entropy:
7.8533  (probably packed)

Code size:
622 KB (636,928 bytes)

The file realappeal.exe has been observed being distributed from the following URL.

https://d36pfzlm4aixmv.cloudfront.net/releases/Release/3.0.16.5/.../RealAppeal.exe
