aresregular228_installer.exe

The executable aresregular228_installer.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
9484eb49d2779ee4ae91395a94b9cfcd

SHA-1:
5fb0f1ebfec92a2507f16bae6c1c2472df46f12d

SHA-256:
ce192ae4ecbc365be9d75c223deb422c2c4222980ad386968f7723870c628074

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/23/2024 8:20:54 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | (M) | 16.6.7.0
Trend Micro House Call | TROJ_GE.05C4FC3B | 7.2.101

File size:
4.4 MB (4,584,243 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:SBX2WPYiMA+fjzC0ELau2mppwliAKEGXhKXXvav:pfjO0caureRGcXXvav

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9979

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file aresregular228_installer.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 175 download URLs
