BUSDRI.FO.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
ff4b3a06b7d81614f02850fed3b23009

SHA-1:
ed100ec4e5498471e009643f3fe5db959a595750

SHA-256:
1d05cda8fff17911d630e7df82ea7afa6f1e23b9264f5e155e7fe3ec313690f5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/25/2024 12:05:48 PM UTC  (today)

Scan engine:
Rising Antivirus

Detection:
PE:Malware.XPACK-LNR/Heur!1.5594

Engine version:
23.00.65.14705

File size:
60.1 MB (62,973,404 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
1/24/2006 8:42:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:ZHTdn0KrjLyr+nuXgMyl8hKuqsSx/Pxv6Job/:LnTiinmgMyl8hKuqsSx56Joj

Entry address:
0x313E

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 38, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, D0, 43, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, F8, FC, 41, 00, FF, 15, 58, 71, 40, 00, 68, 28, 92, 40, 00, 68, 20, 3B, 42, 00, E8, 1E, 28, 00, 00, BB, 00, B4, 42, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 20, 92, 40, 00, 53, E8, 09...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file BUSDRI.FO.exe has been seen being distributed by the following 7 URLs.

http://dw.uptodown.com/dwn/JiFINXO9AZMz4JyzaYH-jcN19SHYNak4vGVV4U_UA451YmxkG8ys9fLiPJ1LByIvmQhnpQC14D-kha9e1QBsiopYUSKi3Iv9lyHigWRL3YYC0iAUZim-qPNuVo--RcN3/AYwNWqwECQxzB9K0RfWoEAHpWJp1YgqXPYZ2hzPEP4_9lNVLqhYvFuldpu5HoHKXFPJXsgcPVjmtuky95J7Vs2mkx-_9TLV3sSyDw3r6GDN1jknxhllbYOgsWLu4LaL7/Jrk8tPI_WWWv6lL16Yo7gGj4FdT3T7UwpRyB3aG5qfFbK1ds0touTdg_RX5rSQNdkwyD9bYsk0mpVLxCwOtBHw1AbDKgGCGsU5uBMxVfEcQKAhuKcs10kUiZSiHm39JN/.../

http://www.4gamer.net/jump.php?http://file.4gamer.net/.../BusDriver_Demo.exe

http://dc498.4shared.com/download/.../Bus_Driver_Setup.exe

http://dc351.4shared.com/download/.../Bus_Driver_Setup.exe

Scan BUSDRI.FO.exe - Powered by Reason Core Security