home

sdff4c9.exe

Installer

Stepitapp LLC

The application sdff4c9.exe by Stepitapp has been detected as adware by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from storage.googleapis.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Stepitapp LLC  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
5029c5857841fb35dcde25375a3617be

SHA-1:
d6baf47641c3717148359e631ec58c4e9a17be3b

SHA-256:
0bb2c539a502bf12e00919b9051c1aa3cb609cb901ddbacca8fd66160026d605

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/27/2024 1:39:48 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Downloader.Agent.I potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Installer.Stepitapp.H
14.12.16.13

File size:
350.4 KB (358,832 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
FinalInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\sdff4c9.exe

Digital Signature
Signed by:
Stepitapp LLC

Authority:
COMODO CA Limited

Valid from:
12/10/2013 6:00:00 PM

Valid to:
12/11/2014 5:59:59 PM

Subject:
CN=Stepitapp LLC, O=Stepitapp LLC, POBox=1252, STREET=9 W. 31st Street, L=Bayonne, S=New Jersey, PostalCode=07002, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EA7DEF51F4F715C2C81433CCD6B15766

File PE Metadata
Compilation timestamp:
12/11/2014 4:03:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:PRUOuFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VyaOL9lypSB7z:ZIZwgVxGq86oH/MKvnolgyx9lypSdz

Entry address:
0x55AFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7925

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
335 KB (343,040 bytes)

The file sdff4c9.exe has been seen being distributed by the following URL.

http://storage.googleapis.com/finalinstaller/finalinstaller/35/stepitapp/.../FinalInstaller.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Remove sdff4c9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.