setup_pepakura_viewer304_en.exe

The executable setup_pepakura_viewer304_en.exe (“Self Extractable Archive”) has been detected as malware by 1 anti-virus scanner. This is a setup program used to install the application. The file has been seen being downloaded from docviewer.yandex.ru and multiple other hosts.

Description:
Self Extractable Archive

Version:
5.02

MD5:
531c19d0d54507452f705599c6f3e8ee

SHA-1:
76c7a15feb0b6e1fa3111c7328d20daf56d348df

SHA-256:
65a241243170cf8ba11a7b7e0409082a7434d63e17b241bb20044aba2bcdcd7c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/19/2024 6:19:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
(M)

Engine version:
16.6.17.17

File size:
2 MB (2,119,601 bytes)

Product version:
5.02

Original file name:
EPSETUP.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\iron man\setup_pepakura_viewer304_en.exe

File PE Metadata
Compilation timestamp:
7/3/2007 3:24:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:Ihi2I8H3Z59Ng8MDRmIm/gRt7MJ8JkGOYeLqMkDley+7SzOmx0eujNd6xMZo46Uw:KI8Nd/gL708JhemMkgyA+OmiSM2cBBNO

Entry address:
0x13B0B

Entry point:
E8, 46, C4, FF, FF, E9, 16, FE, FF, FF, 6A, 0C, 68, 78, 69, 42, 00, E8, 13, 31, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 98, 7F, 44, 00, 03, 75, 43, 6A, 04, E8, CC, 25, 00, 00, 59, 83, 65, FC, 00, 56, E8, 3A, 26, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 56, 26, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, BA, 24, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 6C, 68, 44, 00, FF, 15, BC, 31, 42, 00, 85, C0, 75, 16, E8, 52, 00, 00...
 

Entropy:
7.9083  (probably packed)

Code size:
136 KB (139,264 bytes)

The file setup_pepakura_viewer304_en.exe has been seen being distributed by the following 13 URLs.

