home

wolfteam_ps_20120503_ver279.exe

WolfTeam PS

Softnyx Co., Ltd.

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Softnyx Co., Ltd.   (signed by Softnyx Co., Ltd.)

Product:
WolfTeam PS

Description:
WolfTeam PS Setup

MD5:
3aa544100af60c489bc5652b00cccd07

SHA-1:
92f316eb7aef5f6d232a59ed3372658bf6be0d18

SHA-256:
f4af80bc98055df83120ea74a8b746f443c34f47c0eaba564416365a431934a2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 7:50:41 PM UTC  (today)

File size:
855.1 MB (896,630,768 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Signed by:
Softnyx Co., Ltd.

Authority:
Thawte, Inc.

Valid from:
4/11/2012 9:00:00 PM

Valid to:
4/12/2013 8:59:59 PM

Subject:
CN="Softnyx Co., Ltd.", OU=Server Development Team, O="Softnyx Co., Ltd.", L=Geumcheon-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
67EC9D5141EC2A9D9D3D6EDB2F301C9B

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
25165824:UYsat9gHOpuVaYnrUYGkRj21kTqtLH36Ln:X3XFg8Ynr/GkOPtLqT

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file wolfteam_ps_20120503_ver279.exe has been seen being distributed by the following 7 URLs.

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1479374884&Signature=WK3h3ViSEuAZXw7OT134FwDeXteWM17cOPqn-TkJd~ELxwYxobIcR1xbrrj19ZCDK-9rrDUtUn6~~IQ9MEaoZ4c0zXS3cnbdl9eUY1fBB5IdfQW8XcVl82O5JyBBjr1RuaiQdiqyl9OhjCzgwtdrC4lo~Nf4UmbLd60RMQbFiGI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1480300246&Signature=f0pQ5DmEQcSmWeVfBKwnj1NkRsiIuAQ1pO-uSyPf2PQduZ9NUbgUWlrGZD-z8u8GKhwWg-~uVF4~gOPMwjRVW2zvKRrEjLc1HvgZSCuMdniVoSNWY~xX99C76LfdETvL~tdPeQrwahBnxcwSYPc7LFpHj862XIiPlPaNYavcKR8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1470972411&Signature=Ig9Ry47~QEgtUL3ix7k8aeY7bVw8r6imAdPN-nQyfz5FK8TTOUaQECUg1LNg5WYdOukWqboDTklLbvR0O~306loLp7MzbFEi5c~ucU5yfWtJbG2PWNkEU5m5HnaA-gbTwn8XdN0WYSPOsq9MUjEzm2E2n~FdrrUs2wbSx36~8uM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1476167962&Signature=IHySP0Ee6yrFjMm7c9j74NMuNPI0Sg~pbVJhIB~-sZXAUUnhVhDOwiy5Nn~BxIAm7RxNqFgJZyti8sx7b-5jMOuHeP1u1s28GdpcijfVQSsxx1F~SZGFjv8KILMR7ZCReaBzk0glxsD8nVfLWCiUCjCroTF2oF2OPO3NiXo-jVE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1481341152&Signature=PJTwp2PcRm7b-CcHU9VejQtHgW1~olqw54zp5rC5SdJ6dKo5nDo1fsWr4VPZQCL0shNtrBxqhN72FiU7x7smEXQ8XjFF~V5rQsJafzCHV5Sed-~UvcYXag8lMOUNgxz~WCE3Z1Xy2hTVlTHBGQdfND~cxo49NaW5pVYRNqUJrCA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1462630251&Signature=CRLoPY7PzkobIaHZ3ztJeDp~Syl9hLuukv8VpngPSaJnEqeMUCo3zZiGb04~lObOXBFyEfCS7ArswqLbwzlsbOaASu-r6Sy9nd2harlNZAADXxFHfJJ315D9R9CrqV~x3c8K0VSQqa0x9G3hLw2u~e72MMxuos6fRinDvev~dWU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

http://gsf-cf.softonic.com/92f/316/.../file?SD_used=0&channel=WEB&fdh=no&id_file=68749&instance=softonic_br&type=PROGRAM&Expires=1453599346&Signature=MeeXGC~UBGOZRVQ6QEgr1k2GE3ZUk-Avvob8xv-O5xxYzvxdRCJTIewEUNdm8NB48opzt5dvIrfrQpr0C8knzC7gYQ4xN~N-il1Mzwr1uSWoI4eJ1VlcZ5K3hZgV6dqUG3Tyr9DqXpla1h0iozmvYibmmSLVM0i~b4X9wgFcMHY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=WolfTeam_PS_20120503_Ver279.exe

Scan wolfteam_ps_20120503_ver279.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.