do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from intva4.developbutton.com and multiple other hosts.
Publisher:
Cat Lady Interactive

Product:
Cat Lady Interactive

Version:
1.2.9.2183

MD5:
99b4cdabf37c28f266a783e65a741625

SHA-1:
c77068c2c63a3a7a5d02614ec89cfb3305362f31

SHA-256:
358442fe1b2dfa5aa818e8f24916b7a19f97577f6bcf617ba5b881f8bd9a92d4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:11:54 AM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Gen:Trojan.Heur.JP.3q3@a0aWhidi
11.5.0.6191

ESET NOD32
Win32/DownloadAdmin.Q potentially unwanted application
8.0.319.0

F-Secure
Variant.Application.Bundler
5.15.21

Norman
Gen:Variant.Application.Bundler.DownloadAdmin.9
02.04.2016 17:35:19

File size:
885.1 KB (906,304 bytes)

Product version:
1.2.9.2183

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata
Compilation timestamp:
4/12/2015 5:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:U1zc6bRjLXWg2GY3RgzaT10KSIB52IwNv2MuCe5BaOz1dg5M7FuhdC4oiXt+2SKO:T6bR/XWdGY3RgzaT10KSIB52IwNv2Mu5

Entry address:
0x3A16

Entry point:
E8, 15, A9, 00, 00, E9, 3F, A1, 00, 00, FF, 25, 4C, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 18, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 5C, 06, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 3C, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 44, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, EC, 06, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 38, 07, 4C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, C4, 06, 4C, 00...
 
[+]

Entropy:
7.9643  (probably packed)

Code size:
56.5 KB (57,856 bytes)

The file do_application_start.exe has been seen being distributed by the following 27 URLs.

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-74986269.exe&checksum=108984

Remove do_application_start.exe - Powered by Reason Core Security