sdfb272.exe

OfferInstaller

The application sdfb272.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from storage.googleapis.com.
Product:
OfferInstaller

Version:
1.0.0.1

MD5:
af7b53cf7c42ecb5711e7a9d933dc449

SHA-1:
c3cd45145c7dcb123418a74d759332b470be1de4

SHA-256:
92ffe9da7ce1676ce8d4db04feed7932188169d985d72faf77b291eb31026f66

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 10:40:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Reason Heuristics | PUP.Bundler.OfferInstaller.Installer.Meta | 15.6.15.11 |
| Sophos | Offer Installer | 4.98 |

File size:
292 KB (299,008 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2014

Original file name:
OfferInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\sdfb272.exe

File PE Metadata
Compilation timestamp:
12/29/2014 5:54:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:kuFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VKBL:xZwgVxGq86oH/MKvnolg2

Entry address:
0x49C9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9371

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
287.5 KB (294,400 bytes)

The file sdfb272.exe has been seen being distributed by the following URL.
