do_application_start.exe

Kpi Media Group

The application do_application_start.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup program used to install the application, and it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been observed being downloaded from intva6.routinetrends.com and multiple other hosts.
Publisher:
Kpi Media Group

Product:
Kpi Media Group

Version:
83.0.1.1579

MD5:
d8ddf8324e3f8ca80f175a0bc8d395d6

SHA-1:
85dbff86090eafce11e25d4530ad1930e1e2a9b2

SHA-256:
0f1d465b60f46381c4b5c5660a5c3be6555729692e2602d7f856bea081625221

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 10:50:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Emsisoft Anti-Malware | Gen:Variant.Razy.19119 | 11.5.0.6191 |
| ESET NOD32 | Win32/DownloadAdmin.Q potentially unwanted application | 8.0.319.0 |
| F-Secure | Variant.Application.Bundler | 5.15.96 |
| Norman | Gen:Variant.Application.Bundler.DownloadAdmin.9 | 02.04.2016 17:35:19 |

File size:
886.4 KB (907,680 bytes)

Product version:
83.0.1.1579

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata
Compilation timestamp:
3/31/2015 1:56:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ZBh4QyFrNxQ0psuEHG8WbCJgiFg42zyYSoEJgwTBnqedjqBUVdXUoEKQkuJUkj:NnydNm0psvHG8eEg4foEPTb8qnXUoo

Entry address:
0x24D6

Entry point:
E8, 65, BE, 00, 00, E9, 6F, B7, 00, 00, FF, 25, 4C, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, E8, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 2C, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F8, 31, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, BC, 31, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, D4, 2A, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 68, 32, 49, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, C4, 2A, 49, 00...
 

Entropy:
7.9655  (probably packed)

Code size:
56.5 KB (57,856 bytes)

The file do_application_start.exe has been seen being distributed by the following 4 URLs.
