do_application_start.exe

Sonny Sun Interactive

The application do_application_start.exe by Sonny Sun Interactive has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup and installation application known to bundle potentially unwanted software: it installs additional programs alongside the software the user is trying to install, without adequate consent. The file has been seen being downloaded from intva1.bitdesktop.com and multiple other hosts.
Publisher:
Free Light Installation (signed by Sonny Sun Interactive)

Product:
Free Light Installation

Version:
54.7.1.3804

MD5:
c95e877ec0c9902af0f67473d883fa9d

SHA-1:
8008aae76395988c25d3268f5ef093fd3fe4ea1b

SHA-256:
62a4d1ed9c3bf6b37773f6d8b5ea47dd5b0cb39ee039878611c05de8e6cf847c

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/15/2024 12:25:04 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Variant.Application.Bundler.DownloadAdmin.mCz5 | 2.1.4+
Dr.Web | Trojan.Vittalia.10519 | 9.0.1.0139
ESET NOD32 | Win32/DownloadAdmin.Q potentially unwanted (variant) | 10.13509
IKARUS anti.virus | PUA.DownloadAdmin | t3scan.2.0.9.0
Qihoo 360 Security | HEUR/QVM10.1.0000.Malware.Gen | 1.0.0.1120
Reason Heuristics | PUP.DownloadAdmin (M) | 16.5.18.18
Sophos | Download Admin (PUA) | 4.98
Trend Micro House Call | PUA_DOWNADMIN.SM | 7.2.139

File size:
918.7 KB (940,704 bytes)

Product version:
54.7.1.3804

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 3:13:39 PM

Valid to:
3/8/2017 3:13:39 PM

Subject:
CN=Sonny Sun Interactive, O=Sonny Sun Interactive, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0093AC568FBE0B686A

File PE Metadata
Compilation timestamp:
4/22/2015 12:07:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:gG5XIJamgPQFOcQJPgY2uuqyvagngrlsJGW+RCWeHe/HtUV:HId8Qclb2Lnau0WS8He/H

Entry address:
0x4ABA

Entry point:
E8, 71, 9A, 00, 00, E9, 7D, 93, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, C8, 4A, 45, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 81, EC, 28, 01, 00, 00, 53, 55, 56, 57, B9, 05, 01, 00, 00, 8D, 44, 24, 30, 33, DB, 88, 18, 40, 83, E9, 01, 75, F8, 8D, 44, 24, 30, 50, 68, 04, 01, 00, 00, FF, 15, 04, 01, 41, 00, 8B, 2D, BC, 01, 41, 00, 8B, F8, 89, 7C, 24, 14, C7, 44, 24, 10, 07, 00, 00, 00, 81, FF, 04, 01, 00, 00, 73, 04, 88, 5C, 3C, 30, 33, F6, 83, FE, 14, 7D, 1D, FF, D5, 33, D2, F7, 35...

Entropy:
7.9609 (probably packed)

Code size:
57 KB (58,368 bytes)

The file do_application_start.exe has been seen being distributed by the following 22 URLs.

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbmayjkjhd2016&signature_id=399&_action_=getbin&filename=openofficesuite-setup-40319255.exe&checksum=105343

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbmayjkjhd2016&signature_id=399&_action_=getbin&filename=openofficesuite-setup-133291541.exe&checksum=105343

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbmayjkjhd2016&signature_id=399&_action_=getbin&filename=openofficesuite-setup-133290161.exe&checksum=105343

Powered by Reason Core Security