ares-destiny-3.1.exe

Visual Tools

The application ares-destiny-3.1.exe by Visual Tools has been detected as adware by 9 anti-malware scanners. It is a setup program used to install the application. Once installed, it displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from dw3.uptodown.com and multiple other hosts.
Publisher:
Visual Tools (signed and verified)

MD5:
ed3dd994d92f7549cc04449012a03132

SHA-1:
f7ed466aee6d3ae1889dfc9338d84bb7e71396dd

SHA-256:
580ba5a019e5a63503173a2eb2ade59bd6639f0125ec1d1ceb016e50252babc2

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/30/2024 2:50:57 PM UTC

Scan engine             Detection                          Engine version
Dr.Web                  Adware.Babylon.14                  9.0.1.0363
ESET NOD32              Win32/Toolbar.Babylon (variant)    7.9177
herdProtect (fuzzy)                                        2013.12.20.16
Malwarebytes            PUP.Optional.Babylon               v2013.08.24.01
McAfee                  Artemis!ED3DD994D92F               5600.7177
Reason Heuristics       PUP.VisualTools.P                  14.8.7.21
SUPERAntiSpyware        PUP.BabylonToolbar/Variant         10886
Trend Micro House Call  TROJ_GEN.F47V0819                  7.2.236
Vba32 AntiVirus         Downloader.Agent                   3.12.24.3

File size:
767.1 KB (785,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ares-destiny-3.1.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/9/2013 4:00:00 PM

Valid to:
1/10/2015 3:59:59 PM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
7/31/2013 1:41:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:/jPGsZfDKT3OUm+GqEgb8jN+1Cet5Mqc2AvFqgHs78+sA+kl3xmPmeh4H7E+BVwO:/jeiGT3PLpEDjNUCWc2MFqOV+9+Q4PmN

Entry address:
0x1C48

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, C8, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, FE, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, 05, 01, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...

Entropy:
7.9132

Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)

The file ares-destiny-3.1.exe has been seen being distributed by the following 2 URLs.

http://dw3.uptodown.com/dm/3/1377282105/fc8c000a76453950e3d30c2feca54645ddb3ce71/.../ares-destiny-3-1-en-win-setup.exe
