» update_14.exe
Overview
Analysis
File Details
Network (4)

update_14.exe

Fast Downloader Media

The application update_14.exe by Fast Downloader Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 8a.3f.1632.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

update_14.exe

Publisher:

Fast Downloader Media (signed and verified)

Product:

Fast Downloader Media

Version:

93.5.1.606

MD5:

9377238b39278bf4e2ac9d2644c7d12d

SHA-1:

4499ef9bae1b12087d6575d8e997f7fac6471ccf

SHA-256:

3b6902408df6402c72b799251d6e53c1443796927080829de4f5ee489ead114c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 7:40:13 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Bundler (M)

17.2.23.19

File size:

896.2 KB (917,712 bytes)

Product version:

93.5.1.606

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\update_14.exe

Digital Signature

Signed by:

Fast Downloader Media

Authority:

GoDaddy.com, Inc.

Valid from:

12/9/2015 12:49:38 AM

Valid to:

11/7/2016 12:05:38 AM

Subject:

CN=Fast Downloader Media, O=Fast Downloader Media, L=Oakland, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

06DE6B1C05303BB5

File PE Metadata

Compilation timestamp:

3/14/2015 7:56:14 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x4D93

Entry point:

E8, A8, 92, 00, 00, E9, AE, 8B, 00, 00, CC, CC, CC, FF, 25, 68, F4, 4D, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 00, F4, 4D, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, D4, F3, 4D, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 81, EC, 1C, 02, 00, 00, 53, 55, 8B, AC, 24, 28, 02, 00, 00, 56, 57, 6A, 01, 55, C7, 44, 24, 24, 00, 00, 00, 00, E8, 8F, EE, FF, FF, D9, 7C, 24, 1A, 0F, B7, 44, 24, 1A, 0D, 00, 0C, 00, 00, 89, 44, 24, 1C, 8D, 44, 24, 24, 50, D9, 6C, 24, 20, 6A, 00, 6A, 02, 55, DF, 7C... 
[+]

Code size:

56.5 KB (57,856 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 8a.3f.1632.ip4.static.sl-reverse.com (50.22.63.138:80)

TCP (HTTP):

Connects to a92-123-180-194.deploy.akamaitechnologies.com (92.123.180.194:80)

TCP (HTTP):

Connects to a92-123-180-192.deploy.akamaitechnologies.com (92.123.180.192:80)

TCP (HTTP):

Connects to a104-86-110-8.deploy.static.akamaitechnologies.com (104.86.110.8:80)

Remove update_14.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.