do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from intva2.clientmulti.com and multiple other hosts.
Publisher:
Cat Lady Interactive

Product:
Cat Lady Interactive

Version:
1.2.9.2183

MD5:
f2a4f148622cc50e1cd5ecfa0e4cf239

SHA-1:
76029e0dbc2a750a558f02a1d86027e6633cfac1

SHA-256:
b11c5978e544c91bcf3263dea8c515a17c6bdf0a16e153d2f4f7bb6c34d10136

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 1:32:49 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.CatLady.Bundler.Installer.Meta (M)
16.5.4.19

File size:
885 KB (906,240 bytes)

Product version:
1.2.9.2183

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata
Compilation timestamp:
4/27/2015 2:14:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:RF9MTOgvcackQyE4yu3dz7o+RVtgh20zeoHaAuBoB:79MdjFXJ/OLf

Entry address:
0x183A

Entry point:
E8, 31, CB, 00, 00, E9, 5D, C3, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 44, 55, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 04, 55, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 44, 54, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 60, 54, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, E0, 54, 4A, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 33, C0, EB, 0F, 85, C0, 75, 10, 8B, 0E, 85, C9, 74, 02, FF, D1, 83, C6, 04, 3B, 75, 0C, 72, EC, 5E, 5D, C3...
 
[+]

Entropy:
7.9655  (probably packed)

Code size:
56.5 KB (57,856 bytes)

The file do_application_start.exe has been seen being distributed by the following 11 URLs.

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon_ Feuerrote Edition (Germany)-79878479.exe&checksum=130068

Remove do_application_start.exe - Powered by Reason Core Security