home

st_091286.exe

C4DL Media

The application st_091286.exe by C4DL Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from snipli.com and multiple other hosts.
Publisher:
C4DL Media  (signed and verified)

MD5:
13c1df4be4326b87f1a49c4f76a7b588

SHA-1:
0510aeef417cc7ff82e1598ffcefcaaf86b425ff

SHA-256:
3ff6b82bd81f70ee50df0e355fc485fb3fa7f06e050ab3cc34061406e8ec0c78

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/5/2026 12:32:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.C4DLMedia (M)
16.1.26.19

File size:
146.2 KB (149,696 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\st_091286.exe

Digital Signature
Signed by:
C4DL Media

Authority:
thawte, Inc.

Valid from:
11/26/2015 7:00:00 AM

Valid to:
11/26/2016 6:59:59 AM

Subject:
CN=C4DL Media, OU=Tech department, O=C4DL Media, L=Stockholm, S=Danderyd, C=SE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
70D154A322A603A8766AC35933E06140

File PE Metadata
Compilation timestamp:
1/22/2016 1:01:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:PxKzC+8BJ/eJ8Ga0owlG1M3cpD5t1vteh+Q1k+Q1Y5/:JDshlGm32+1h

Entry address:
0xA6BE

Entry point:
E8, 1A, 2D, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, BC, E6, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 10, D0, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, BC, E6, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01...
 
[+]

Entropy:
6.6276

Code size:
84 KB (86,016 bytes)

The file st_091286.exe has been seen being distributed by the following 3 URLs.

http://snipli.com/vvv

https://downloader.disk.yandex.ru/disk/ae996660a37ecbc9f52afbc04b33c55d2e001b706a91966ab622afac93dca806/56a89356/.../x-msdownload&fsize=149696&hid=c0212ec2626d6c42b6fd617bef1d3748&media_type=executable&tknv=v2

http://snipli.com/ggg

Remove st_091286.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.