» do_application_start.exe
Overview
Analysis
File Details
Downloads (27)

do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from intva4.developbutton.com and multiple other hosts.

File name:

Publisher:

Cat Lady Interactive

Product:

Cat Lady Interactive

Version:

1.2.9.2183

MD5:

99b4cdabf37c28f266a783e65a741625

SHA-1:

c77068c2c63a3a7a5d02614ec89cfb3305362f31

SHA-256:

358442fe1b2dfa5aa818e8f24916b7a19f97577f6bcf617ba5b881f8bd9a92d4

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:26:13 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Trojan.Heur.JP.3q3@a0aWhidi

11.5.0.6191

ESET NOD32

Win32/DownloadAdmin.Q potentially unwanted application

8.0.319.0

F-Secure

Variant.Application.Bundler

5.15.21

Norman

Gen:Variant.Application.Bundler.DownloadAdmin.9

02.04.2016 17:35:19

File size:

885.1 KB (906,304 bytes)

Product version:

1.2.9.2183

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata

Compilation timestamp:

4/12/2015 5:24:20 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:U1zc6bRjLXWg2GY3RgzaT10KSIB52IwNv2MuCe5BaOz1dg5M7FuhdC4oiXt+2SKO:T6bR/XWdGY3RgzaT10KSIB52IwNv2Mu5

Entry address:

0x3A16

Entry point:

E8, 15, A9, 00, 00, E9, 3F, A1, 00, 00, FF, 25, 4C, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 18, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 5C, 06, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 3C, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 44, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, EC, 06, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 38, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, C4, 06, 4C, 00... 
[+]

Entropy:

7.9643 (probably packed)

Code size:

56.5 KB (57,856 bytes)

The file do_application_start.exe has been seen being distributed by the following 27 URLs.

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-74986269.exe&checksum=108984

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Yandere Simulator-April 15th-126878151.exe&checksum=147054

http://intva18.componentsurf.info/dl-pure?&usefilename=true&hashstring=jbaril41216&signature_id=0&_action_=getbin&filename=bejeweled3-setup-2704143 (3).exe&checksum=160910

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=openofficesuite-setup-43017811 (2).exe&checksum=105617

http://intva6.routinetrends.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=kmplayer-setup-42696711.exe&checksum=108955

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111269317.exe&checksum=165463

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-102744125.exe&checksum=108984

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-44535839 (1).exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=40373269[1].exe&checksum=165463

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Harvest Moon - Back to Nature-110513373.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=gimp-setup-125669097.exe&checksum=163458

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=BIOS-126690387.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40238857.exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl182016&signature_id=0&_action_=getbin&filename=minecraft-setup-121707567.exe&checksum=129224

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=bluestacks-setup-125703219.exe&checksum=127328

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl41516&signature_id=0&_action_=getbin&filename=openofficesuite-setup-44535839.exe&checksum=150213

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Need for Speed - Underground 2-123169735.exe&checksum=164825

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42902351.exe&checksum=164352

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=gimp-setup-125414337.exe&checksum=163458

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42901019.exe&checksum=164352

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Super Bomberman 4-126584551(1).exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-41654757.exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl41516&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111269317 (1).exe&checksum=150213

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-43005121[1].exe&checksum=150539

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl4182016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111269241.exe&checksum=165463

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=minecraft-setup-125675295.exe&checksum=127328

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42908725.exe&checksum=164352

Remove do_application_start.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.