do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from intva2.clientmulti.com and multiple other hosts.
Publisher:
Cat Lady Interactive

Product:
Cat Lady Interactive

Version:
1.2.9.2183

MD5:
2bf964bb1e17e16352206672cc3465ff

SHA-1:
726b608d2dbcadebae8ed90567b922b7aaae7e6c

SHA-256:
8b4048abdb0643665a9ac453d3df11c8a2e85161e84e7628c7d8e94d59dbc6e6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:25:23 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/DownloadAdmin.Q potentially unwanted application
8.0.319.0

F-Secure
Variant.Application.Bundler
5.15.96

Norman
Gen:Variant.Application.Bundler.DownloadAdmin.9
02.04.2016 17:35:19

File size:
887 KB (908,320 bytes)

Product version:
1.2.9.2183

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\do_application_start.exe

File PE Metadata
Compilation timestamp:
4/25/2015 4:30:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:8ap+P5DqIryvFTqagix03eMFWwNesuzcAY6l5nzV+vSxMgRV:bpUZQFngix0W2AJlFo67f

Entry address:
0x4B26

Entry point:
E8, 85, 96, 00, 00, E9, 91, 8F, 00, 00, FF, 25, 70, 28, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 81, EC, 1C, 02, 00, 00, 53, 55, 8B, AC, 24, 28, 02, 00, 00, 56, 57, 6A, 01, 55, C7, 44, 24, 24, 00, 00, 00, 00, E8, 7F, F1, FF, FF, D9, 7C, 24, 1A, 0F, B7, 44, 24, 1A, 0D, 00, 0C, 00, 00, 89, 44, 24, 1C, 8D, 44, 24, 24, 50, D9, 6C, 24, 20, 6A, 00, 6A, 02, 55, DF, 7C, 24, 2C, 8B, 74, 24, 2C, D9, 6C, 24, 2A, E8, FE, FD, FF, FF, 8B, 4C, 24, 34, 8B, F8, 83, C4, 18, 8D, 1C, 0F, 89, 5C, 24, 14, 85, FF, 75, 11...
 

Entropy:
7.9660  (probably packed)

Code size:
56 KB (57,344 bytes)

The file do_application_start.exe has been seen being distributed by the following 39 URLs.

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Super Mario World 2 - Yoshi's Island-128123177.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Yu-Gi-Oh! World Championship Tournament 2004-128200581.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Verytex-128446747.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111269317.exe&checksum=165463

Latest 30 of 39 download URLs
