birds-hunter.exe

Play Turtle, LLC

The application birds-hunter.exe by Play Turtle has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from installerlaunch-pp1.com.
Publisher:
Play Turtle, LLC  (signed and verified)

MD5:
df09fec126af515b1909281a2c1df567

SHA-1:
2785478cd3e50ab299a019425da26c4c8320027f

SHA-256:
0d9b08795c3d40590dc8016d484d4aeddbbee95834c715956c6e3a4022ceadc3

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/26/2024 8:11:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.EpicPlay.PlayTurt (M)
16.4.20.10

File size:
1 MB (1,051,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\birds-hunter.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/9/2011 7:00:00 PM

Valid to:
12/9/2012 6:59:59 PM

Subject:
CN="Play Turtle, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Play Turtle, LLC", L=Plantation, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FBA05C4A16403C30CAF42A3523B1862

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:taHn3Jn13kDQDb+9XvS//NiXi7c0TFy8GOC:Ej3kDwev8NiXi7c0TF

Entry address:
0xC1A74

Entry point:
55, 8B, EC, 83, C4, F0, B8, C8, D6, 4C, 00, E8, B4, ED, FF, FF, 26, 33, BC, 84, 42, 82, 8D, E3, DA, 50, 6C, 38, CB, 97, 7B, F6, 19, 06, D0, B5, 50, 03, 85, 2C, DF, A5, 81, D8, BA, 1F, 6D, 63, D8, 45, 74, 2A, 4B, 53, CD, 86, 09, F8, 27, A8, AC, 59, 6E, 28, BD, 9C, 99, A8, 4A, 13, 61, 26, D6, 34, 15, C8, 04, E6, F5, 63, 5A, D2, C8, EA, 28, BB, 7D, 8E, 5B, 1A, 31, 48, C1, 77, D6, FA, 2B, 41, 52, 8D, 37, 13, D4, 85, E6, B3, C1, 10, 35, 3F, 6E, 8E, 45, 3D, 7E, 05, EE, 97, BC, 00, BE, BF, 9B, D6, A9, 64, D3, 64...
 
[+]

Entropy:
6.7248

Developed / compiled with:
Microsoft Visual C++

Code size:
786.5 KB (805,376 bytes)

The file birds-hunter.exe has been seen being distributed by the following URL.

Remove birds-hunter.exe - Powered by Reason Core Security