home

_update-8bd8-d1fa-f672-1051.exe

Netsoft Holdings, LLC

The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from hubstaff-production.s3.amazonaws.com and multiple other hosts.
Publisher:
Netsoft Holdings, LLC  (signed and verified)

MD5:
197d7f348a71a5458c199eb713b7005d

SHA-1:
6313e4b3d4cff9e0400b89cbb95fb8dab3c7be4a

SHA-256:
166137b8bd6e4f52eeca08811996aa682864bd5a0cc40498170cbe817062e7b3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
7/3/2025 2:24:51 PM UTC  (today)

File size:
8.6 MB (9,057,168 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\_update-8bd8-d1fa-f672-1051.exe

Digital Signature
Signed by:
Netsoft Holdings, LLC

Authority:
GoDaddy.com, Inc.

Valid from:
2/13/2015 1:51:39 PM

Valid to:
2/13/2017 1:51:39 PM

Subject:
CN="Netsoft Holdings, LLC", O="Netsoft Holdings, LLC", L=Fishers, S=Indiana, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
523A281F8527B211

File PE Metadata
Compilation timestamp:
7/20/2012 4:48:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:5XNy1raXBpbxySmTe9f+/tIv6A6a4PGqHZ:UraXxyA+avK5

Entry address:
0x4171

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, C7, 04, 24, 08, 00, 00, 00, A3, 30, 7B, 42, 00, E8, 6D, 3C, 00, 00, A3, 8C, 7B, 42, 00, 8D, 85, 88, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 
[+]

Entropy:
7.9368  (probably packed)

Code size:
34 KB (34,816 bytes)

The file _update-8bd8-d1fa-f672-1051.exe has been seen being distributed by the following 2 URLs.

https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/.../Hubstaff-1.2.1-79428cc.exe

https://hubstaff.com/.../windows

Scan _update-8bd8-d1fa-f672-1051.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.