angry_birds.exe

Yappyz

SIEN S.A.

This is the SIEN AppScion installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, that may be installed with minimal consent. The application angry_birds.exe by SIEN S.A. has been detected as a potentially unwanted program by 29 of 68 anti-malware scanners. Despite its file name, the executable is the bundler's setup program (original file name Setup.exe, built with the SIEN SuperInstall installer), not the game's own installer. The file has been seen being downloaded from stapi.yappyz.com. While running, it connects over plain HTTP (TCP port 80) to i0-h0-s4.p1-gru.cdngp.net and i0-h0-s1007.p1-gru.cdngp.net.
Publisher:
SIEN (signed by SIEN S.A.)

Product:
Yappyz

Version:
6.50.2.0

MD5:
99817820b5e7219ccc90a5f0edb2a601

SHA-1:
ea632036ff3f882cbf3975ce39ec9a200ab5124b

SHA-256:
daed0dca43ae8289d5b02d05ce1560a2e01b44e10c1feb18636b5e97c567039d
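
To confirm that a file on disk is the sample described here, compare its size and all three digests rather than a single one. The following Python script is an added example, not code from this page or from Reason Core Security; it embeds the hashes and size listed above, and the input used in its check is a constructed byte string, not the real file.

```python
import hashlib

# Indicators as published on this page for angry_birds.exe.
PAGE_IOC = {
    "size": 853328,
    "md5": "99817820b5e7219ccc90a5f0edb2a601",
    "sha1": "ea632036ff3f882cbf3975ce39ec9a200ab5124b",
    "sha256": "daed0dca43ae8289d5b02d05ce1560a2e01b44e10c1feb18636b5e97c567039d",
}


def fingerprint(data: bytes) -> dict:
    """Size and MD5/SHA-1/SHA-256 hex digests of an in-memory file image."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def fingerprint_path(path: str, chunk: int = 1 << 20) -> dict:
    """Same as fingerprint() but streams the file from disk, for large samples."""
    size = 0
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            size += len(block)
            for h in hashers.values():
                h.update(block)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = size
    return out


def compare(observed: dict, expected: dict) -> dict:
    """Field-by-field comparison. A mismatch in any digest means a different file,
    even when the size agrees: size alone is not an identifier."""
    return {k: observed.get(k) == v for k, v in expected.items()}


def is_known_sample(observed: dict, expected: dict = PAGE_IOC) -> bool:
    """True only if every published field matches."""
    return all(compare(observed, expected).values())


if __name__ == "__main__":
    import sys
    fp = fingerprint_path(sys.argv[1])
    for k, v in compare(fp, PAGE_IOC).items():
        print(f"{k:7} {'match' if v else 'DIFFERS'}  observed={fp[k]}")
    print("known sample" if is_known_sample(fp) else "not the sample described here")
```

Run it as `python verify.py path\to\angry_birds.exe`; a partial match (for example size only) should be treated as a different file.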

Scanner detections:
29 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
11/28/2024 2:49:03 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12528975 | 378
Agnitum Outpost | PUA.ToolBar | 7.1.1
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
Baidu Antivirus | Adware.Win32.ToolBar | 4.0.3.16122
Bitdefender | Trojan.Generic.12528975 | 1.0.20.110
Bkav FE | HW32.CDB | 1.3.0.4246
Dr.Web | Adware.Downware.9516 | 9.0.1.022
Emsisoft Anti-Malware | Trojan.Generic.12528975 | 8.16.01.22.05
ESET NOD32 | Win32/Toolbar.Iminent.C potentially unwanted application | 10.7.0.302.0
Fortinet FortiGate | Riskware/Iminent | 1/22/2016
F-Secure | Trojan.Generic.12528975 | 11.2016-22-01_6
G Data | Trojan.Generic.12528975 | 16.1.25
IKARUS anti.virus | PUA.Toolbar.Iminent | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.186.14239
Kaspersky | not-a-virus:AdWare.Win32.ToolBar | 14.0.0.776
Malwarebytes | PUP.Optional.Yappyz.A | v2016.01.22.05
McAfee | Artemis!B87FA8908E19 | 5600.6512
MicroWorld eScan | Trojan.Generic.12528975 | 17.0.0.66
NANO AntiVirus | Riskware.Win32.ToolBar.dlohfy | 0.30.0.65070
nProtect | Trojan-Clicker/W32.ToolBar.853328 | 14.12.03.01
Panda Antivirus | Trj/Chgt.L | 16.01.22.05
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Quick Heal | AdWare.ToolBar.r5 (Not a Virus) | 1.16.14.00
Reason Heuristics | PUP.Sien.SIENSA.Bundler (M) | 16.1.22.17
Sophos | Generic PUA AB | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9370
Trend Micro House Call | Suspicious_GEN.F47V1116 | 7.2.22
VIPRE Antivirus | Trojan.Win32.Generic | 35416
Zillya! Antivirus | Adware.Toolbar.Win32.122 | 2.0.0.1998

Several engine version strings embed the date 2016-01-22 (Emsisoft, Fortinet, F-Secure, Malwarebytes, Panda, Reason), so the detection results predate the analysis date shown above. Most verdicts are generic adware/toolbar or PUA names rather than a named malware family.

File size:
833.3 KB (853,328 bytes)

Product version:
6.50.2.0

Copyright:
(c)SIEN S.A. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\angry_birds.exe

Digital Signature
Signed by:
SIEN S.A.

Authority:
VeriSign, Inc.

Valid from:
8/21/2012 9:00:00 PM

Valid to:
8/22/2014 8:59:59 PM (the compilation timestamp below, 2/6/2014, falls inside this validity window; the certificate itself had expired by the analysis date)

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
2/6/2014 6:57:12 AM

OS version:
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0 (Visual Studio 2012 toolchain)

CTPH (ssdeep):
12288:0xGVL6hBH8HwOzJadKJyhTIQYdIjPGbcTz4rdsoyVOHhYGiF+g+Ma6oX:0T3KSzb9sdjyV/+MPe

Entry address:
0x5952E

Entry point (first bytes; the listing is truncated on the page):
E8, 11, 82, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 50, 2C, 4A, 00, 75, 02, F3, C3, E9, 72, 20, 00, 00, 56, 6A, 04, 6A, 20, E8, 13, 87, 00, 00, 59, 59, 8B, F0, 56, FF, 15, FC, 01, 48, 00, A3, E0, 94, 4A, 00, A3, DC, 94, 4A, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, F8, 96, 49, 00, E8, 0E, 40, 00, 00, E8, 78, 3E, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 29, 40, 00, 00, C3, 8B...

The stub opens with E8 <rel32> (call) followed by E9 <rel32> (jmp), the standard MSVC CRT entry sequence (call __security_init_cookie, then jump into the CRT startup routine), which is consistent with the linker version 11.0 recorded above.

Code size:
506.5 KB (518,656 bytes)
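
The entry-point listing above can serve as a code-level indicator once its two leading relative-branch instructions are understood. The following Python is an added example, not code from this page or from the analysis vendor: it parses the page's comma-separated byte listing (only the first 20 bytes are embedded; the page truncates the rest), decodes the E8/E9 rel32 targets from the entry address (assuming 0x5952E is an RVA), renders the prefix as a YARA-style hex string with the displacements wildcarded so the pattern survives relinking, and searches a constructed buffer with the same wildcards.

```python
import struct

# Entry address and the first 20 entry-point bytes as listed on this page.
ENTRY_RVA = 0x5952E
ENTRY_BYTES_TEXT = "E8, 11, 82, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 50, 2C, 4A, 00, 75, 02, F3, C3, ..."

REL32_OPCODES = (0xE8, 0xE9)   # call rel32, jmp rel32


def parse_byte_list(text: str) -> bytes:
    """Turn the page's 'E8, 11, 82, ...' listing into bytes, ignoring a trailing '...'."""
    out = bytearray()
    for tok in text.split(","):
        tok = tok.strip()
        if not tok or tok == "...":
            continue
        out.append(int(tok, 16))
    return bytes(out)


def decode_stub(code: bytes, rva: int) -> list:
    """Decode the leading call/jmp rel32 instructions at the entry point.
    Returns [(mnemonic, instruction_rva, target_rva), ...] and stops at the first
    other opcode; a full disassembler is deliberately out of scope."""
    decoded = []
    pos = 0
    while pos + 5 <= len(code) and code[pos] in REL32_OPCODES:
        rel = struct.unpack_from("<i", code, pos + 1)[0]   # signed 32-bit displacement
        insn_rva = rva + pos
        target = insn_rva + 5 + rel                        # relative to the next instruction
        decoded.append(("call" if code[pos] == 0xE8 else "jmp", insn_rva, target))
        pos += 5
    return decoded


def _rel32_mask(code: bytes) -> bytearray:
    """1 = compare this byte, 0 = wildcard; the 4 displacement bytes after E8/E9 are wildcarded."""
    mask = bytearray(b"\x01" * len(code))
    pos = 0
    while pos < len(code):
        if code[pos] in REL32_OPCODES and pos + 5 <= len(code):
            mask[pos + 1:pos + 5] = b"\x00\x00\x00\x00"
            pos += 5
        else:
            pos += 1
    return mask


def yara_hex(code: bytes, wildcard_rel32: bool = True) -> str:
    """Render bytes as a YARA hex string, e.g. '{ E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? }'."""
    mask = _rel32_mask(code) if wildcard_rel32 else b"\x01" * len(code)
    parts = [f"{b:02X}" if m else "??" for b, m in zip(code, mask)]
    return "{ " + " ".join(parts) + " }"


def find_pattern(buf: bytes, pattern: bytes, wildcard_rel32: bool = True) -> int:
    """Offset of the first match of `pattern` in `buf` (-1 if none), honouring the
    same rel32 wildcards as yara_hex()."""
    mask = _rel32_mask(pattern) if wildcard_rel32 else b"\x01" * len(pattern)
    for off in range(len(buf) - len(pattern) + 1):
        if all(m == 0 or buf[off + i] == pattern[i] for i, m in enumerate(mask)):
            return off
    return -1


if __name__ == "__main__":
    code = parse_byte_list(ENTRY_BYTES_TEXT)
    for mnem, at, target in decode_stub(code, ENTRY_RVA):
        print(f"{at:#x}: {mnem} {target:#x}")
    print("entry prefix as YARA hex string:", yara_hex(code[:10]))
```

With the page's bytes the stub decodes to a call to 0x61744 and a jump to 0x593B7 (both RVAs under the assumption above); the wildcarded form `{ E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? ... }` matches any MSVC CRT entry, so it should only be used in a rule together with the bytes that follow it.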

The file angry_birds.exe has been seen being distributed from the following host (only the host, not a full URL, is recorded on this page):

stapi.yappyz.com

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to i0-h0-s4.p1-gru.cdngp.net  (174.35.93.7:80)

TCP (HTTP):
Connects to i0-h0-s1007.p1-gru.cdngp.net  (174.35.93.27:80)
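
The two cdngp.net hosts, their IPs and the download source are the page's network indicators. The following Python matcher is an added example, not code from this page or from the analysis vendor; it runs over constructed proxy log lines in an assumed Squid-like access.log layout (the line format and the traffic are invented for the example) and flags exact host or server-IP matches. Matching is exact by design: the page does not establish that other cdngp.net names are related.

```python
import ipaddress
import re

# Network indicators as listed on this page.
IOC_HOSTS = {
    "stapi.yappyz.com",                 # download source
    "i0-h0-s4.p1-gru.cdngp.net",        # contacted at run time, TCP/80
    "i0-h0-s1007.p1-gru.cdngp.net",
}
IOC_IPS = {ipaddress.ip_address("174.35.93.7"), ipaddress.ip_address("174.35.93.27")}

# Constructed sample lines (assumed Squid-style layout, not real traffic):
# "<epoch> <elapsed> <client> <status> <bytes> <method> <url> <user> <peer-type>/<server-ip> <mime>"
SAMPLE_LOG = """\
1453449600.123    45 10.0.0.15 TCP_MISS/200 5120 GET http://stapi.yappyz.com/dl/angry_birds.exe - HIER_DIRECT/203.0.113.9 application/octet-stream
1453449605.456    12 10.0.0.15 TCP_MISS/200 900 GET http://i0-h0-s4.p1-gru.cdngp.net/offers/manifest - HIER_DIRECT/174.35.93.7 text/xml
1453449606.789    10 10.0.0.15 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/198.51.100.4 text/html
1453449610.000     8 10.0.0.22 TCP_MISS/200 700 GET http://cdn.example.net/static/app.js - HIER_DIRECT/174.35.93.27 text/javascript
1453449611.000     9 10.0.0.22 TCP_MISS/200 300 GET http://www.cdngp.net/ - HIER_DIRECT/192.0.2.77 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+\S+\s+\S+/(?P<peer>\S+)"
)


def host_of(url: str) -> str:
    """Host part of an http(s) URL, lower-cased, without port or path."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.I)
    return m.group(1).lower() if m else ""


def scan_log(text: str) -> list:
    """Return (client, reason, line_no) for every line whose URL host or server IP
    is an indicator. A host hit and an IP hit on the same line are both reported,
    and an IP hit alone catches the case where a different name resolves to an IOC."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        reasons = []
        host = host_of(m.group("url"))
        if host in IOC_HOSTS:
            reasons.append(f"host {host}")
        try:
            if ipaddress.ip_address(m.group("peer")) in IOC_IPS:
                reasons.append(f"ip {m.group('peer')}")
        except ValueError:
            pass   # peer field is not an IP (e.g. '-' for a cache hit)
        if reasons:
            hits.append((m.group("client"), "; ".join(reasons), n))
    return hits


if __name__ == "__main__":
    for client, reason, n in scan_log(SAMPLE_LOG):
        print(f"line {n}: {client} -> {reason}")
```

On the constructed input this flags lines 1, 2 and 4 (the download from stapi.yappyz.com, the run-time request to i0-h0-s4.p1-gru.cdngp.net served from 174.35.93.7, and a request to an unrelated name that was served from 174.35.93.27) and ignores the visit to www.cdngp.net, which is not on the page's indicator list.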

Analysis powered by Reason Core Security.