» sdrfr_assistant_1_5_0_0.exe
Overview
Analysis
File Details

sdrfr_assistant_1_5_0_0.exe

Internet Explorer

Incentive Networks LLC

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application sdrfr_assistant_1_5_0_0.exe, “Win32 Cabinet Self-Extractor ” by Incentive Networks has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

Microsoft Corporation (signed by Incentive Networks LLC)

Product:

Internet Explorer

Description:

Win32 Cabinet Self-Extractor

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:

6958717473330c7567c43fbcaa3ee4bb

SHA-1:

68e8b4f64f1270ca419c7456949520d07414a812

SHA-256:

97e27e8c723247f16561d52769bb5d8c12593f7f842db1a3cbd0c5fcc767ba92

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 10:25:12 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.IncentiveNetworks (L)

16.9.30.23

File size:

3 MB (3,118,168 bytes)

Product version:

11.00.9600.16428

Original file name:

WEXTRACT.EXE .MUI

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\sdrfr_assistant_1_5_0_0.exe

Digital Signature

Signed by:

Incentive Networks LLC

Authority:

VeriSign, Inc.

Valid from:

3/28/2012 2:00:00 AM

Valid to:

3/28/2015 12:59:59 AM

Subject:

CN=Incentive Networks LLC, OU=" ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Incentive Networks LLC, L=Los Altos, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

78E324A21C668F73D42C18DC3D7B424E

File PE Metadata

Compilation timestamp:

10/14/2013 7:50:27 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:zQ2vfiTow51GZo60tH8r5kSyscF/9kqqtMznRlRIq9toe/Jf0Xn1+1k6CVfRv06Y:A/Rhx8rJydF/WrSrR3t1sXn1+1k6CRK5

Entry address:

0x67CC

Entry point:

E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D... 
[+]

Code size:

25.5 KB (26,112 bytes)

Remove sdrfr_assistant_1_5_0_0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.