home

smadav_2016-rev.-10.9.exe

Kilipup

Sivensys SRL

The executable smadav_2016-rev.-10.9.exe, “Kilipup Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.funcentralnew.com and multiple other hosts. While running, it connects to the Internet address generic.external.zlb.scl3.mozilla.com on port 443.
Publisher:
Sivensys SRL  (signed and verified)

Product:
Kilipup

Description:
Kilipup Setup

MD5:
ed7e9f9bee1d2f95d72c214677e4b0cb

SHA-1:
62177becd1db1967711afda23fb92daf5f731ef7

SHA-256:
f3555defb8e088ea6c4f92a32267672c21c68150907e7cb239f526cf6a99d131

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/11/2024 7:54:07 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.2.10

File size:
1.3 MB (1,385,368 bytes)

Product version:
2.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\smadav_2016-rev.-10.9.exe

Digital Signature
Signed by:
Sivensys SRL

Authority:
GlobalSign nv-sa

Valid from:
10/20/2016 10:04:57 AM

Valid to:
10/21/2017 10:04:57 AM

Subject:
CN=Sivensys SRL, O=Sivensys SRL, L=IASI, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
0D38E905F0B0BA5733036DFB

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9867

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file smadav_2016-rev.-10.9.exe has been seen being distributed by the following 3 URLs.

http://www.funcentralnew.com/d1OhWRXjc30 G9DSHELn0LqQsrZKzA77f8YM_EeTjxUdmyW2IwVzIgKyyCWHM27ILnFiaWl40KJ6jquzOUQxsAu26bXn0cTvOaWF1gp8gPdO_EFMrNSGICYe0WLs LZGanWln3wfrXEm6ZHbBZJSI9St8LM_4Ynida01X7oM4Wm2JStKzFa5V7vB5rhA2EsTpuLZ3nvw8fDIPgWFD_powu6V_bszDw==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA

http://www.funcentralnew.com/RVvuu orGVhLJOJF4aI6d1PXJzX5f0WTBpdNOnQoA9VnWpXfkXKCYDMdBEqXDTCHRHqsdOEe8avLZ1tzY0EE3m6obTasRLk1Lapg1L7EzIHWX8ajNqoh1pNmXl48xx_npSo5089tOJtb2hhqOd8fCuBw82T4CtlZFRScTMHNwBq7mvJyBV8sjTehmSWSi1FnmDVEGvxDq6d _8FelxGPitebz wjAwNk6skE0hK8xxX58_knnkjAD7tUVxnQAvqYIWyzKOr VljFnNB0AaHeAxtugxXpbvoUBOwusa3DRdR3Io3AeuluG6O4uQf7mna2Mb1OPSHVTcd8t6VawKNFWpseSD_NvaCaqH34xV9PBkPVXqN7Zqm0qXBzw4BPTeIiwNiDefamd1jQQ4_vYymKcdu ZIYsz_BC iFZTjDZDuWjsk9wdDKYAW lpgRYtnINn6F0KN4 RkNWlpfO3NPH80h7klRtfyx__g2B5qOSwUTMGQ7VvVioUMz mRHL6ymjcVXq_pdk8Rkrat84jV1_hlnxDzxMoA==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/MZDXGb3HSLfrYroLkZUvylSICrlJGjqPrl0ey_hiA79Uxq9LYX3KfRlVQs51Lw3yL1C j52s hkRInpGp1zJHqtfYu_JWyQH9K89QQ3dgLCsxEbOY8F3r5FgGWPzjRCyQCtXvNc8HoJd5ZXHetKpH5wJqV UTmZ_1KaLPX9KEW4rXmopR7LtzNV AiEzbqOoQdCp5AO8Yjja36PYWJIVLNGl7ZYjhwhv2DaLDtVdmYWwM0XbM9Oe2xvfAZKd0Wsomp2yl4TL73xZ4nZ2lrb28PH8YkmUOyYG1iVEC_hRZoUTgGRVNip3KyWZiUX8N5y6hdbziUaek O24LTKXoOpO54IdRdW75ytZHRtlY2d2Vco1ay4 egBF85oSzCjXaEcytw31zb_M4E3BpV 1ZQ8q_dMSDhEtsfroeLEfM70l2WSNA__Dm U2CYG_S I0PJ5jYjPAqE7bVdiHX3Qn AaUw7ZgsUZ3DyK2nenmREm bXLCL79U5hNK0RZKeg7jR_2YtgDP5cxBC2d7AOBA18ZOAGjHXlURA==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to generic.external.zlb.scl3.mozilla.com  (63.245.213.12:443)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.81.136:80)

TCP (HTTP):
Connects to ec2-54-154-190-87.eu-west-1.compute.amazonaws.com  (54.154.190.87:80)

TCP (HTTP):
Connects to ec2-52-49-170-39.eu-west-1.compute.amazonaws.com  (52.49.170.39:80)

Remove smadav_2016-rev.-10.9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.