home

do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from intva1.bitdesktop.com and multiple other hosts.
Publisher:
Cat Lady Interactive

Product:
Cat Lady Interactive

Version:
1.2.9.2183

MD5:
ddfd2785b16f48cefebcd67a7a4fb2d8

SHA-1:
caa761917fb1b5b3c9c0c30ce56bab8eeb87ce32

SHA-256:
321fafe23443f6d44c64c7a63773cbb0159057d9443509fe685ef5968598b70c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 4:32:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.CatLady.Bundler.Installer.Meta (M)
16.4.24.17

File size:
884.2 KB (905,440 bytes)

Product version:
1.2.9.2183

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata
Compilation timestamp:
4/25/2015 10:40:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:8doadB+Yv3toYRPp4de9g/wDir0brnBp+k999pmJk/+NEZsG/y7JMdIP13DY0SDW:cjkA992obDj9vpcK+YRaOdY132W

Entry address:
0x20F3

Entry point:
E8, B8, C0, 00, 00, E9, C2, B9, 00, 00, CC, CC, CC, FF, 25, FC, C8, 47, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, A0, C9, 47, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, E8, C9, 47, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8A, 44, 24, 04, 53, 55, 8B, 6C, 24, 14, 83, C5, 01, 56, 8B, 74, 24, 14, 88, 44, 2E, FF, 57, 0F, 84, CE, 00, 00, 00, 8B, 7C, 24, 24, B3, 0A, 8A, 0E, 0F, B6, D1, 0F, B6, 82, B0, D2, 47, 00, 83, E8, 01, 74, 5E, 83, E8, 01, 74, 4F, 83, E8, 01, 74, 1D, 8D, 87, 0C, 02, 00...
 
[+]

Entropy:
7.9656  (probably packed)

Code size:
56 KB (57,344 bytes)

The file do_application_start.exe has been seen being distributed by the following 14 URLs.

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl41516&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111267587.exe&checksum=150213

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-102744125.exe&checksum=108984

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42901019.exe&checksum=116075

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42909105.exe&checksum=116075

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=kodi-setup-59493305.exe&checksum=116075

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl41516&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111277997.exe&checksum=150213

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon_ Ruby Version (V1.2)-126078101.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon_ Fire Red Version-80462709.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42902351.exe&checksum=116075

http://intva18.componentsurf.info/dl-pure?&usefilename=true&hashstring=jbaril41216&signature_id=0&_action_=getbin&filename=mahjongmedley-setup-69959.exe&checksum=160910

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-74986269.exe&checksum=108984

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbswswsswl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42908725 (1).exe&checksum=116075

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon_ Leaf Green Version-100678717.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Syphon Filter 2 (Disc 1)-126016153.exe&checksum=130068

Remove do_application_start.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.