a_festa_da_salsicha_2016_.exe

Setup Soft-ware

WMD Internet EIRELI - ME

The application a_festa_da_salsicha_2016_.exe by WMD Internet EIRELI - ME has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.ranchsendgift.com.
Publisher:
adsafiliados  (signed by WMD Internet EIRELI - ME)

Product:
Setup Soft-ware

Version:
1.0.6.45713

MD5:
4ea8c124e6594c1da7908fdccae78b52

SHA-1:
96eac8882d1aa87309d7ebf093fc65207d9302fc

SHA-256:
7de1fa1b4f11e8cb2e7ae6151af3dca28911dbdaf30e69551ed09d43d3a39725

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:42:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.16.13

File size:
1.6 MB (1,662,552 bytes)

Product version:
1.0.6.45713

Copyright:
adsafiliados

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\a_festa_da_salsicha_2016_.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/31/2016 4:21:42 PM

Valid to:
6/1/2017 4:21:42 PM

Subject:
CN=WMD Internet EIRELI - ME, O=WMD Internet EIRELI - ME, L=Bento Goncalves, S=RS, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EF6259F3BBE7A5361E2D78223CF5D28A

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file a_festa_da_salsicha_2016_.exe has been seen being distributed by the following URL.

http://www.ranchsendgift.com/HV05IPNY3nw9zw7kkQb0YBSEQOdL9dEW9z_6Hzfliy5pwuQb90RALdGi7_RYfoNOFh3JoRsaIbQdLZM5OpUcDP8LJxuWcUmlfptRowRlsqsfpC0K3AWJU4P0GLD9lHK2AV8byyr3JgbN0NPenCyGsdpgGiet9OUYgOYfQjV7pFUzAi_9Ci4XAMltIGunGzmo7ygreoDTHTd8g NCpVIGK VOsztg_1ehQgiXov4AtC5DtLyacbbYk362A ZVTY2Ad6PoJe8mckTo9 zmxZgsACEh1VLqukZsuzdc 87SW7PrGTznSEiUB8hfomafX53ym3oRiig9JJmmFXD8_v PeGUVui50qt_UGSsyQo5ifGazGHa79mYwpBqgBsANmtVxSmjOsXRU1Klg5nWLm_tummM ic0tgk8sWTUjTGDJjJ4dEVm8OZHsphhs8XJsDWreq2BGMbI404U9GcIWBgDheVo0T6ZopstxZWikrub0nrRf89_9LsQG_8uXAPbCdSGMYhH0Dkg04Ebdv6L1aoOwZaqnfzUO3OU_1qz2PuzyCOB8gEKdmx6kDAMp8BwLL6AjWWSNPREx_Q2JjVkr2VksVqathXmis3C31x1cei5HyH1FEFVKcmP6tS0OfZQVPhf42g eoasniaeX7VJtXOVZSGdOWKNCAAYhKJvaP5eKzzLGB2UEbUtgN_FVNlTQCMtARIU7O_8qAnJAt1NIYsq5Mb0F3NjS1UDNNEjFkUpUgfAawqJBAwvDkNP1MeEE7fgtzOyI1H6p4a58XrjnEkid1qJ4IpRknCNc7LI Yjvj5aQ37UfK2L2NCmbC0Pr80qut2dAoKGW_uKcajgB0Fr8jBwMi0lpK0gKs3RguMv4y4yROtw1iSVp7vGFjykJEAxELEej71aQxd6mmVTAMVchWRf_41ZhBkbWTZJHxDIahW IQ7XhhCOJAvJ8LWiYx28PofvUyNFp5s_J