additionaloffers-setup-5553281.exe

Garden Variety Media

The application additionaloffers-setup-5553281.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from mirror.downloadnet253.com.
Publisher:
Garden Variety Media

Product:
Garden Variety Media

Version:
54.7.1.6637

MD5:
86817257c05a7c2c577aecbca86f0e79

SHA-1:
ec0afb6fa2ef8c7d49260f8d776aeb1f279cb66d

SHA-256:
afc553c333e6102417e78bdbdb35b092a8e725b1a13f3db51d439d3621881352

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 1:09:23 AM UTC

Scan engine                  | Detection                         | Engine version
-----------------------------|-----------------------------------|--------------------
avast!                       | Win32:SaliCode                    | 160518-2
Dr.Web                       | Win32.Sector.30                   | 9.0.1.05190
Emsisoft Anti-Malware        | Win32.Sality                      | 11.5.0.6191
ESET NOD32                   | Win32/Sality.NBA virus            | 8.0.319.0
F-Prot                       | W32/Sality.gen2                   | 4.6.5.141
McAfee                       | Program.Artemis!7BEED11B5DE0      | 18.0.204.0
Microsoft Security Essentials| Threat.Undefined                  | 1.223.798.0
Norman                       | Win32.Sality.3                    | 28.05.2016 15:32:18

File size:
956.2 KB (979,104 bytes)

Product version:
54.7.1.6637

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\additionaloffers-setup-5553281.exe

File PE Metadata
Compilation timestamp:
12/2/2014 8:40:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:CH5QiLdmbBf502+ht3na6cEutQJNHHQ+ZuTbaSJj98:U5QYmbBh0Lb3bZuCQ+ZuT2SJa

Entry address:
0x4AD6

Entry point:
76, 02, 8A, E8, 8A, FB, 69, F6, 82, D8, 17, 23, 84, E3, C6, C3, F6, 05, 2C, 85, 00, 00, 81, DB, 88, 06, A7, 10, C7, C6, 8E, 23, 57, 4D, 88, C3, 2D, 36, 0F, 00, 00, 1B, C7, 89, EE, 15, CF, 4C, 82, 6E, 28, F5, FE, C8, E8, 75, 00, 00, 00, B4, 4A, 81, FF, 41, F4, 00, 00, 75, 02, 2B, F8, B6, AA, F7, C1, DB, 6A, BC, 0A, 85, F1, 78, 03, 80, D6, A1, B4, 89, 86, F6, 80, E6, C5, 8D, 3D, 4D, 27, 00, 00, 0F, B7, C1, 8D, 15, 73, 65, D8, 95, 81, C7, 8A, 0B, 00, 00, F3, 86, F4, 57, C6, C6, 7D, 5D, 8D, 05, 7D, CB, D4, 3C...

Entropy:
7.9686 (probably packed)

Code size:
56.5 KB (57,856 bytes)

The file additionaloffers-setup-5553281.exe has been seen being distributed by the following URL.

Remove additionaloffers-setup-5553281.exe - Powered by Reason Core Security