ark_survival_evolved.exe

Fef

LAM Proactive And Investments Ltd

The application ark_survival_evolved.exe, “Fef Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.signsbitsbody.com.
Publisher:
LAM Proactive And Investments Ltd  (signed and verified)

Product:
Fef

Description:
Fef Setup

MD5:
5bbef4997597228f8c35b55c16e6d1d5

SHA-1:
97cc622487454c9b2ba0ae54ddda80b7602822f0

SHA-256:
e8bcf9616252eb3048effd236b1f72d11762f70db34720bf19e408de76d1661b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 2:45:40 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.InstallCore (M) | 17.3.9.3

File size:
1.1 MB (1,194,760 bytes)

Product version:
5.1.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ark_survival_evolved.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/17/2016 6:17:01 PM

Valid to:
8/18/2017 6:17:01 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
73CF7C9535C901AED579B1BA

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9727

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file ark_survival_evolved.exe has been seen being distributed by the following URL.

http://www.signsbitsbody.com/rD9rz 7kIltzVbUF3HN3etfFDt6eCrm4iZ0Fb8bwg_53FK5_ aHgna8E8lsWh4GssGs6rlAJ65umeuIOM1mSCJ7FuQ9eX2yt2uFdNokuhn4Hqpj684Vn6IDIvWAJLaNYG6aztlr68FCJJRi Kvfv0NT11AlrAZw5p08lWhrbZzcKcRysRN8phKMvNBE0JVkx6juGTin7ReB7LCAyKOBdvrnFbjm4O Hg5ObpipoY7WEpaTQAOI21u8wE5NCFqFV83m1XNYaZAqybzBVyqSk 0G CuEKMe0chFUpk_xbXIqM2Z 26LE INgzncTUWc1o4u4aopJJElHABb_MIZ9BVnxFRiQLXqmXdvaKv307t4heM Pd2f6gwFH AzyGLGmdxLTFMf0tnlzQo90CCwnIl1X8ZG8chFSDHm_cbRsJ8TOB F5WD01Mpcf0od9W3PPdBghZ FglzocOBNwAN0CpRSGLULd0v45jgzHs622OPy_T39ItycjdtYqqne5V1GXQW91mA7R_Z-G88AAGRpXUu7KLxUMoCnJ9ACDUhaRdW8pSX07X626w1z3BAT Sgyjbd 1vIqfNdbWYbB34QDXM_kc6InFBRSC45kMOWYGHAccsBmZhcppfL1J9H_7eV7_k_bB_NTIxHvJ9S_Bzl42fg1H6Ne0T8D4A==
