a_festa_da_salsicha_2016_.exe

Setup Soft-ware

WMD Internet EIRELI - ME

The application a_festa_da_salsicha_2016_.exe by WMD Internet EIRELI - ME has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.ranchsendgift.com.
Publisher:
adsafiliados  (signed by WMD Internet EIRELI - ME)

Product:
Setup Soft-ware

Version:
1.0.6.45713

MD5:
4ea8c124e6594c1da7908fdccae78b52

SHA-1:
96eac8882d1aa87309d7ebf093fc65207d9302fc

SHA-256:
7de1fa1b4f11e8cb2e7ae6151af3dca28911dbdaf30e69551ed09d43d3a39725

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:06:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.16.13

File size:
1.6 MB (1,662,552 bytes)

Product version:
1.0.6.45713

Copyright:
adsafiliados

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\a_festa_da_salsicha_2016_.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/31/2016 4:21:42 PM

Valid to:
6/1/2017 4:21:42 PM

Subject:
CN=WMD Internet EIRELI - ME, O=WMD Internet EIRELI - ME, L=Bento Goncalves, S=RS, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EF6259F3BBE7A5361E2D78223CF5D28A

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file a_festa_da_salsicha_2016_.exe has been seen being distributed by the following URL.

http://www.ranchsendgift.com/HV05IPNY3nw9zw7kkQb0YBSEQOdL9dEW9z_6Hzfliy5pwuQb90RALdGi7_RYfoNOFh3JoRsaIbQdLZM5OpUcDP8LJxuWcUmlfptRowRlsqsfpC0K3AWJU4P0GLD9lHK2AV8byyr3JgbN0NPenCyGsdpgGiet9OUYgOYfQjV7pFUzAi_9Ci4XAMltIGunGzmo7ygreoDTHTd8g NCpVIGK VOsztg_1ehQgiXov4AtC5DtLyacbbYk362A ZVTY2Ad6PoJe8mckTo9 zmxZgsACEh1VLqukZsuzdc 87SW7PrGTznSEiUB8hfomafX53ym3oRiig9JJmmFXD8_v PeGUVui50qt_UGSsyQo5ifGazGHa79mYwpBqgBsANmtVxSmjOsXRU1Klg5nWLm_tummM ic0tgk8sWTUjTGDJjJ4dEVm8OZHsphhs8XJsDWreq2BGMbI404U9GcIWBgDheVo0T6ZopstxZWikrub0nrRf89_9LsQG_8uXAPbCdSGMYhH0Dkg04Ebdv6L1aoOwZaqnfzUO3OU_1qz2PuzyCOB8gEKdmx6kDAMp8BwLL6AjWWSNPREx_Q2JjVkr2VksVqathXmis3C31x1cei5HyH1FEFVKcmP6tS0OfZQVPhf42g eoasniaeX7VJtXOVZSGdOWKNCAAYhKJvaP5eKzzLGB2UEbUtgN_FVNlTQCMtARIU7O_8qAnJAt1NIYsq5Mb0F3NjS1UDNNEjFkUpUgfAawqJBAwvDkNP1MeEE7fgtzOyI1H6p4a58XrjnEkid1qJ4IpRknCNc7LI Yjvj5aQ37UfK2L2NCmbC0Pr80qut2dAoKGW_uKcajgB0Fr8jBwMi0lpK0gKs3RguMv4y4yROtw1iSVp7vGFjykJEAxELEej71aQxd6mmVTAMVchWRf_41ZhBkbWTZJHxDIahW IQ7XhhCOJAvJ8LWiYx28PofvUyNFp5s_J

Remove a_festa_da_salsicha_2016_.exe - Powered by Reason Core Security