SEPCSuite.exe

Sony Ericsson PC Suite

Sony Ericsson Mobile Communications AB

It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Sony Ericsson Mobile Communications AB

Product:
Sony Ericsson PC Suite

Version:
3.10

MD5:
854295d89c8b106bc43504bca4302f47

SHA-1:
75a3f0e885e2391a1e10b11460c00e17cbec94ea

SHA-256:
44c787deb7933d06222e7ba7b867731ac2ca19ecd63ee2f31b551d3ff69a53b9

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
5/2/2024 2:24:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Refroso.chfl | 7.11.11.45 |
| McAfee | Artemis!854295D89C8B | 5600.7038 |
| nProtect | Trojan/W32.Refroso.360448.D | 11.07.10.01 |
| Quick Heal | Trojan.Refroso.chfl | 8.14.11.00 |

File size:
352 KB (360,448 bytes)

Product version:
3.2

Copyright:
Copyright © Avanquest Software 2007

Original file name:
SEPCSuite.exe

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\Program Files\sony ericsson\sony ericsson pc suite\sepcsuite.exe

File PE Metadata
Compilation timestamp:
2/20/2008 12:22:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/4wmPECOz9k04Qe+voSZw9ixs+bCef5GxMeHSAJ9Zo0:/4w+IR7DZ2ixtFcxMeHF9R

Entry address:
0x220CC

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 50, 42, 00, 68, 8E, 1F, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 70, 42, 42, 00, 59, 83, 0D, 74, B3, 42, 00, FF, 83, 0D, 78, B3, 42, 00, FF, FF, 15, 6C, 42, 42, 00, 8B, 0D, 3C, B3, 42, 00, 89, 08, FF, 15, 68, 42, 42, 00, 8B, 0D, 38, B3, 42, 00, 89, 08, A1, 64, 42, 42, 00, 8B, 00, A3, 70, B3, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, F0, AE, 42, 00, 75, 0C, 68, 54, 22, 42, 00, FF, 15, 60, 42...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
140 KB (143,360 bytes)

Scheduled Task
Task name:
{93A69838-A99E-4270-B0F6-84DB1454FBEC}

Trigger:
Registration (Runs on registration)


The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to ftp5.avanquest.com (5.135.211.141:80)
