shopop2_20140805.exe

Sp_2

The application shopop2_20140805.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
Sp_2

Product:
Sp_2

Version:
2.0

MD5:
29e51e39bcc70a616e0f940013078793

SHA-1:
ff1dc43be4596ae6036f47b89941e0e6e19c584f

SHA-256:
f41d089daa9c18428fbf96d14461806c2000c8029ba5bbec43c44ca30f4f65a5

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/24/2024 11:24:57 PM UTC

Scan engine        Detection               Engine version
Agnitum Outpost    PUA.OutBrowse           7.1.1
Baidu Antivirus    Trojan.Win32.Inject     4.0.3.1488
Dr.Web             Trojan.Packed.28387     9.0.1.0220
Kaspersky          Trojan.Win32.Inject     14.0.0.3437
Panda Antivirus    Trj/Chgt.C              14.08.08.04

File size:
9.8 MB (10,308,605 bytes)

Copyright:
© Sp_2

Trademarks:
Sp_2

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\shopop2_20140805.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:Y/Tva0b6tXRaw5R+5eg/0xxSdhzIXoiDZ/tl+yGDujJ7zwgw6+6ZEaVd4P:YryC6hRawyRcrSHGvGKJ7zwg9Bdk

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file shopop2_20140805.exe has been seen being distributed by the following URL.
