home

ufasoft_sockschain-4.221.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from ufasoft.com and multiple other hosts.
MD5:
bc0f341b0a6be3bbd9030c8a3005e1b6

SHA-1:
5b2a27dcd7505afe7a82eae088608a13f4d6248d

SHA-256:
da575d571f02e6aa5a24505b8e2690b3adcb0fad8dc99d9b3f5564e933ec98ef

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 9:11:55 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
hacktool program Tool.BtcMine.538
9.0.1.05190

K7 AntiVirus
Unwanted-Program
13.203.15688

Malwarebytes
PUP.BitcoinMiner
v2015.04.23.01

Quick Heal
(Suspicious) - DNAScan
4.15.14.00

Sophos
Bitcoin Miner
4.98

File size:
3.6 MB (3,747,543 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ufasoft\ufasoft_sockschain-4.221.exe

File PE Metadata
Compilation timestamp:
3/30/2015 7:38:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:P5ok7yTvLHsyy5KzZjSh09XUVSQ+pKVEyU735IxDI7q5FgoGZsYNxvuAGkoAJgqG:H7yLM75KzVESIYec7q5nyNunpqHU8XE

Entry address:
0x4B5F

Entry point:
55, 8B, EC, 83, EC, 44, 68, 0C, 60, 40, 00, 68, 00, 60, 40, 00, E8, 37, 00, 00, 00, 59, 59, 8D, 45, BC, 50, FF, 15, 88, 50, 40, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, FF, 15, 84, 50, 40, 00, 50, 6A, 00, 6A, 00, FF, 15, 68, 50, 40, 00, 50, E8, 85, F3, FF, FF, 8B, E5, 5D, C3, 8B, 44, 24, 08, 53, 56, 8B, 74, 24, 0C, 33, DB, 2B, C6, 83, C0, 03, C1, E8, 02, 39, 74, 24, 10, 57, 1B, FF, F7, D7, 23, F8, 76, 15, 8B, 06, 85, C0, 74, 07, 83, F8, FF, 74, 02, FF, D0, 83, C6, 04, 43, 3B, DF...
 
[+]

Entropy:
7.9995

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file ufasoft_sockschain-4.221.exe has been seen being distributed by the following 4 URLs.

http://ufasoft.com/.../ufasoft_sockschain_4.221.exe

http://www.ufasoft.com/.../ufasoft_sockschain_4.221.exe

http://www.logitheque.com/.../59d0e4cc.dl

http://ufasoft.com/.../ufasoft_sockschain_4.219.exe

Scan ufasoft_sockschain-4.221.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.