atlas_copco_ga15ff_service_manual_downloader.exe

FairyTale Installer

CandyMandy LLC

The application atlas_copco_ga15ff_service_manual_downloader.exe by CandyMandy has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from d.failsmail.com.
Publisher:
FairyTale Inc  (signed by CandyMandy LLC)

Product:
FairyTale Installer

Version:
1, 0, 616, 1

MD5:
8def9b803e87d8ff645d323b1591cfba

SHA-1:
0f25e02977eddb39e0dbcfc4b5ccbe069d7e16d4

SHA-256:
59595b8954ead5934f5130b9775be5e0292c74db67730b1d17860022ef9b00cc

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 9:34:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.586985 | 669
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | PUP/Win32.Downloader | 2015.04.08
Avira AntiVirus | APPL/Downloader.Gen8 | 3.6.1.96
avast! | Win32:Adware-gen [Adw] | 2014.9-150406
AVG | Downloader | 2016.0.3147
Bitdefender | Gen:Variant.Kazy.586985 | 1.0.20.480
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.ExpressDown.ZMIL | 21667
Dr.Web | Adware.Downware.11073, Adware.Downware.10690 | 9.0.1.096
Emsisoft Anti-Malware | Gen:Variant.Kazy.586985 | 8.15.04.06.05
ESET NOD32 | Win32/ExpressDownloader.J potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Kazy.586985 | 11.2015-06-04_2
G Data | Gen:Variant.Kazy.586985 | 15.4.25
K7 AntiVirus | Unwanted-Program | 13.203.15739
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2219
MicroWorld eScan | Gen:Variant.Graftor.183147 | 16.0.0.288
NANO AntiVirus | Riskware.Win32.Downware.dpydrs | 0.30.24.1357
Panda Antivirus | Trj/Genetic.gen | 15.04.06.05
Reason Heuristics | PUP.Installer.CandyMandy | 15.4.11.23
VIPRE Antivirus | Threat.4657539 | 39676
Zillya! Antivirus | Downloader.Agent.Win32.242550 | 2.0.0.2128

File size:
3.4 MB (3,565,616 bytes)

Product version:
1.0.0.1

Copyright:
Copyright FairyTale Inc (C) 2014

Original file name:
FairyTale.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\atlas_copco_ga15ff_service_manual_downloader.exe

Digital Signature
Signed by:

Authority:
CandyMandy LLC

Valid from:
3/25/2015 5:18:45 AM

Valid to:
3/24/2016 5:18:45 AM

Subject:
CN=CandyMandy LLC, OU=CandyMandy LLC, O=CandyMandy LLC, S=London, C=UK

Issuer:
CN=CandyMandy LLC, C=UK, S=London, L=London, E=admin@candy.com, OU=CandyMandy LLC, O=CandyMandy LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/31/2015 7:19:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:G1jO0zYjcAf1qmS8tyLPeIo72pK8lCUVnDaa12:f0zYAA9fttyg8wUVDaa12

Entry address:
0x8BEA1

Entry point:
E8, 43, C6, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, CF, 4E, 00, E8, F9, E3, 00, 00, E8, 48, B2, 00, 00, 0F, B7, F0, 6A, 02, E8, D6, C5, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 98, 1A, 01, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7849  (probably packed)

Code size:
794.5 KB (813,568 bytes)

The file atlas_copco_ga15ff_service_manual_downloader.exe has been seen being distributed by the following URL.