» speedfixtoolsetup.exe
Overview
Analysis
File Details
Downloads (89)
Network (3)

speedfixtoolsetup.exe

Speed Fix Tool Plus

Interads, UAB

The application speedfixtoolsetup.exe, “This installer database contains the logic and data required to install Speed Fix Tool Plus.” by Interads, UAB has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from track.ahury.com and multiple other hosts.

File name:

Publisher:

FixBliss (signed by Interads, UAB)

Product:

Speed Fix Tool Plus

Description:

This installer database contains the logic and data required to install Speed Fix Tool Plus.

Version:

3.0.3

MD5:

69ed5213a2fb28183c005960609cc070

SHA-1:

c44b09c56b4d390f407f31c6752fe207a8e00c47

SHA-256:

18be04f20372c23ce2b60ea8995c1bb631ea005f8520a4424d235e4bb746ac1e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:46:37 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.FixBliss.RegClean.Optional.Installer.Meta (L)

16.3.11.14

File size:

7.1 MB (7,472,136 bytes)

Product version:

3.0.3

Original file name:

SpeedFixToolPlusSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\speedfixtoolsetup.exe

Digital Signature

Signed by:

Interads, UAB

Authority:

Symantec Corporation

Valid from:

4/27/2015 6:00:00 PM

Valid to:

4/9/2017 5:59:59 PM

Subject:

CN="Interads, UAB", O="Interads, UAB", L=Kaunas, S=Kaunas, C=LT

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

6D385FBF6207159A583E3B1E8142BEB7

File PE Metadata

Compilation timestamp:

11/19/2015 5:24:58 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:EzW1+ueloCVSsm+nsF9+SF1Oxuj7J67mUX5S9T:EzWjeloCVSsm+sFwq1OQj16vJSh

Entry address:

0xC7B47

Entry point:

E8, 76, B2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, D8, 3E, 00, 00, 6A, 16, 5E, 89, 30, E8, 3E, 62, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, BC, 3E, 00, 00, 6A, 16, 5E, 89, 30, E8, 22, 62, 00, 00, 8B, C6, E9, 97, 00, 00, 00, 33, C9, 39, 5D, 10, 66, 89, 0E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 95, 3E, 00, 00, 6A, 22, EB, D7, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C5, 8B, CE, 39, 5D, 10, 74, 0E, 6A, 2D, 59, 33, DB, 66, 89, 0E, 43... 
[+]

Entropy:

7.8104 (probably packed)

Code size:

1 MB (1,069,056 bytes)

The file speedfixtoolsetup.exe has been seen being distributed by the following 50 URLs.

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbuk-3&aff_sub=ekmwpdty_17_3611881

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbus-3&aff_sub=ekmwpdty_10_3282987

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho6-3&aff_sub=ekmwpdty_5_3815897

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-yho6-3&aff_sub=ekmwpdty_5_4306524

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbus-3&aff_sub=ekmwpdty_10_3708949

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbuk-3&aff_sub=ekmwpdty_17_3502904

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-advrts-us-3&aff_sub=ekmwpdty_38_4287751

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbuk-3&aff_sub=ekmwpdty_17_3522086

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rout-wl-us-3&aff_sub=ekmwpdty_23_3089941

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbca-3&aff_sub=ekmwpdty_18_3404435

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho6-3&aff_sub=ekmwpdty_5_2868557

http://link.safecart.com/.../aHR0cDovL2RrejNkbjBhbmZuYXguY2xvdWRmcm9udC5uZXQvU3BlZWRGaXhUb29sU2V0dXAuZXhl?msubid=ekmwpdty_23_3803800

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbuk-3&aff_sub=ekmwpdty_17_3487988

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho-us-3&aff_sub=ekmwpdty_3_3155927

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho6-3&aff_sub=ekmwpdty_5_4246575

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho6-3&aff_sub=ekmwpdty_5_4266558

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbus-3&aff_sub=ekmwpdty_10_3486334

http://link.safecart.com/.../aHR0cDovL2RrejNkbjBhbmZuYXguY2xvdWRmcm9udC5uZXQvU3BlZWRGaXhUb29sU2V0dXAuZXhl?msub_id=102f5b8f711f90dc46a800809c200b

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho6-3&aff_sub=ekmwpdty_5_3363074

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-out-wl-uk-3&aff_sub=ekmwpdty_50_4258209

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbus-3&aff_sub=ekmwpdty_10_3585555

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbus-3&aff_sub=ekmwpdty_10_3512521

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-fb-us-3&aff_sub=ekmwpdty_10_4093356

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-fb-ca-3&aff_sub=ekmwpdty_18_3984247

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-fb-us-3&aff_sub=ekmwpdty_10_3875692

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=ryho6-3&aff_sub=ekmwpdty_5_4179433

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-fb-us-3&aff_sub=ekmwpdty_10_4066642

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=r-fb-us-3&aff_sub=ekmwpdty_10_4093469

http://track.ahury.com/aff_c?offer_id=25&aff_id=2&source=rfbus-3&aff_sub=ekmwpdty_10_3675837

https://speedfixtool.com/.../

Latest 30 of 89 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-60-139-27.deploy.static.akamaitechnologies.com (23.60.139.27:80)

TCP (HTTP):

Connects to a23-52-91-27.deploy.static.akamaitechnologies.com (23.52.91.27:80)

TCP (HTTP):

Connects to a23-43-75-27.deploy.static.akamaitechnologies.com (23.43.75.27:80)

Remove speedfixtoolsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.