» do_application_start.exe
Overview
Analysis
File Details
Downloads (4)

do_application_start.exe

Kpi Media Group

The application do_application_start.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from intva6.routinetrends.com and multiple other hosts.

File name:

Publisher:

Kpi Media Group

Product:

Kpi Media Group

Version:

83.0.1.1579

MD5:

d8ddf8324e3f8ca80f175a0bc8d395d6

SHA-1:

85dbff86090eafce11e25d4530ad1930e1e2a9b2

SHA-256:

0f1d465b60f46381c4b5c5660a5c3be6555729692e2602d7f856bea081625221

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:42:06 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Variant.Razy.19119

11.5.0.6191

ESET NOD32

Win32/DownloadAdmin.Q potentially unwanted application

8.0.319.0

F-Secure

Variant.Application.Bundler

5.15.96

Norman

Gen:Variant.Application.Bundler.DownloadAdmin.9

02.04.2016 17:35:19

File size:

886.4 KB (907,680 bytes)

Product version:

83.0.1.1579

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata

Compilation timestamp:

3/31/2015 1:56:46 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:ZBh4QyFrNxQ0psuEHG8WbCJgiFg42zyYSoEJgwTBnqedjqBUVdXUoEKQkuJUkj:NnydNm0psvHG8eEg4foEPTb8qnXUoo

Entry address:

0x24D6

Entry point:

E8, 65, BE, 00, 00, E9, 6F, B7, 00, 00, FF, 25, 4C, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, E8, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 2C, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F8, 31, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, BC, 31, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, D4, 2A, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 68, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, C4, 2A, 49, 00... 
[+]

Entropy:

7.9655 (probably packed)

Code size:

56.5 KB (57,856 bytes)

The file do_application_start.exe has been seen being distributed by the following 4 URLs.

http://intva6.routinetrends.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=kmplayer-setup-100191043.exe&checksum=0

http://intva6.routinetrends.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=kmplayer-setup-100191043.exe&checksum=149600

http://intva6.routinetrends.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=additionaloffers-setup-100435845.exe&checksum=149600

http://intva6.routinetrends.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=kmplayer-setup-50833011.exe&checksum=149600

Remove do_application_start.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.