» do_application_start.exe
Overview
Analysis
File Details
Downloads (39)

do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from intva2.clientmulti.com and multiple other hosts.

File name:

Publisher:

Cat Lady Interactive

Product:

Cat Lady Interactive

Version:

1.2.9.2183

MD5:

2bf964bb1e17e16352206672cc3465ff

SHA-1:

726b608d2dbcadebae8ed90567b922b7aaae7e6c

SHA-256:

8b4048abdb0643665a9ac453d3df11c8a2e85161e84e7628c7d8e94d59dbc6e6

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:47:44 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/DownloadAdmin.Q potentially unwanted application

8.0.319.0

F-Secure

Variant.Application.Bundler

5.15.96

Norman

Gen:Variant.Application.Bundler.DownloadAdmin.9

02.04.2016 17:35:19

File size:

887 KB (908,320 bytes)

Product version:

1.2.9.2183

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\do_application_start.exe

File PE Metadata

Compilation timestamp:

4/25/2015 4:30:53 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:8ap+P5DqIryvFTqagix03eMFWwNesuzcAY6l5nzV+vSxMgRV:bpUZQFngix0W2AJlFo67f

Entry address:

0x4B26

Entry point:

E8, 85, 96, 00, 00, E9, 91, 8F, 00, 00, FF, 25, 70, 28, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 81, EC, 1C, 02, 00, 00, 53, 55, 8B, AC, 24, 28, 02, 00, 00, 56, 57, 6A, 01, 55, C7, 44, 24, 24, 00, 00, 00, 00, E8, 7F, F1, FF, FF, D9, 7C, 24, 1A, 0F, B7, 44, 24, 1A, 0D, 00, 0C, 00, 00, 89, 44, 24, 1C, 8D, 44, 24, 24, 50, D9, 6C, 24, 20, 6A, 00, 6A, 02, 55, DF, 7C, 24, 2C, 8B, 74, 24, 2C, D9, 6C, 24, 2A, E8, FE, FD, FF, FF, 8B, 4C, 24, 34, 8B, F8, 83, C4, 18, 8D, 1C, 0F, 89, 5C, 24, 14, 85, FF, 75, 11... 
[+]

Entropy:

7.9660 (probably packed)

Code size:

56 KB (57,344 bytes)

The file do_application_start.exe has been seen being distributed by the following 39 URLs.

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Super Mario World 2 - Yoshi's Island-128123177.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Yu-Gi-Oh! World Championship Tournament 2004-128200581.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Verytex-128446747.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111269317.exe&checksum=165463

http://intva6.routinetrends.com/dl-pure?&usefilename=true&hashstring=jb42016&signature_id=0&_action_=getbin&filename=kmplayer-setup-42696711.exe&checksum=129362

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon_ Version Rouge Feu (France)-128258871.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon Z V3.0 (Red Hack)-123608953.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-128114423 (1).exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40593579 (1).exe&checksum=165463

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Nosferatu-128446529.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127563127.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?usefilename=true&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40580185.exe&checksum=125066

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Mario Party 3-128085307.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127627349.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=gimp-setup-125396369.exe&checksum=127328

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127544765.exe&checksum=164352

http://intva18.componentsurf.info/dl-pure?&usefilename=true&hashstring=jbaril41216&signature_id=0&_action_=getbin&filename=dinerdash2-setup-120946001 (2).exe&checksum=160910

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127562207.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=openofficesuite-setup-43017811.exe&checksum=105617

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40742955.exe&checksum=150539

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-74986269.exe&checksum=108984

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-102744125.exe&checksum=108984

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Gallop Racer-93076953.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40593579.exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40593579 (2).exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127553615.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127565221.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-127546935.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-41429027[1].exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl182016&signature_id=0&_action_=getbin&filename=minecraft-setup-121701303.exe&checksum=129224

Latest 30 of 39 download URLs

Remove do_application_start.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.