» chip_'n_dale's_rescue_rangers-131013553-131013553.exe
Overview
Analysis
File Details
Downloads (13)

chip_'n_dale's_rescue_rangers-131013553-131013553.exe

Cat Lady Interactive

The application chip_'n_dale's_rescue_rangers-131013553-131013553.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from intva2.clientmulti.com and multiple other hosts.

File name:

Publisher:

Cat Lady Interactive

Product:

Cat Lady Interactive

Version:

1.2.9.2183

MD5:

844af184dcfdeadb0f81336073546d69

SHA-1:

8b4587b25b1b42ce3293c1e559b80159235c46b9

SHA-256:

2a3e754f3368a5eb149efc25e130791a0fac80d9997333d31cdae7e46db14c0d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 4:45:10 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.CatLady.Bundler.Installer.Meta (M)

16.5.3.16

File size:

888.2 KB (909,472 bytes)

Product version:

1.2.9.2183

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\chip_'n_dale's_rescue_rangers-131013553-131013553.exe

File PE Metadata

Compilation timestamp:

4/5/2015 11:21:23 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:vVSTnm3aIDGajRMzh5oHIfgg9oqHn4eB:v0TnsDPHIBeqH4k

Entry address:

0x4FA6

Entry point:

E8, 05, 93, 00, 00, E9, 0F, 8C, 00, 00, FF, 25, 00, 3F, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 48, 46, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 24, 3F, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 8A, 4C, 24, 04, 56, 8B, 74, 24, 0C, 88, 0C, 06, 8A, 0E, 40, 80, F9, 0D, 0F, 84, BA, 00, 00, 00, 80, F9, 3D, 74, 3C, 80, F9, 09, 74, 12, 80, F9, 1F, 0F, 86, C2, 00, 00, 00, 80, F9, 7F, 0F, 83, B9, 00, 00, 00, 57, 8B, 7C, 24, 18, 8D, 97, 0C, 02, 00, 00, 39, 17, 72... 
[+]

Code size:

56.5 KB (57,856 bytes)

The file chip_'n_dale's_rescue_rangers-131013553-131013553.exe has been seen being distributed by the following 13 URLs.

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Super Mario Advance 4 - Super Mario Bros. 3 (V1.1)-131225973.exe&checksum=130068

http://intva18.componentsurf.info/dl-pure?&usefilename=true&hashstring=jbaril41216&signature_id=0&_action_=getbin&filename=sallysspa-setup-131296907.exe&checksum=160910

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Bobby Is Going Home-131114321.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=audacity-setup-58089935.exe&checksum=105617

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-53336671 (1).exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl182016&signature_id=0&_action_=getbin&filename=kodi-setup-121811711 (1).exe&checksum=129224

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon Mystery Dungeon-131063185.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl182016&signature_id=0&_action_=getbin&filename=minecraft-setup-121707567.exe&checksum=129224

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Crash Bandicoot - Warped-92444869.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=GameShark Version 4.0 (Unl)-80814417.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Marvel Vs. Capcom_ Clash of Super Heroes (US 980123)-93461265.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Super Mario Advance 3 - Yoshi's Island-131098317.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40339275.exe&checksum=165463

Remove chip_'n_dale's_rescue_rangers-131013553-131013553.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.