do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from intva1.bitdesktop.com and multiple other hosts.
Publisher:
Cat Lady Interactive

Product:
Cat Lady Interactive

Version:
1.2.9.2183

MD5:
ddfd2785b16f48cefebcd67a7a4fb2d8

SHA-1:
caa761917fb1b5b3c9c0c30ce56bab8eeb87ce32

SHA-256:
321fafe23443f6d44c64c7a63773cbb0159057d9443509fe685ef5968598b70c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 5:33:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.CatLady.Bundler.Installer.Meta (M)
16.4.24.17

File size:
884.2 KB (905,440 bytes)

Product version:
1.2.9.2183

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata
Compilation timestamp:
4/25/2015 10:40:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:8doadB+Yv3toYRPp4de9g/wDir0brnBp+k999pmJk/+NEZsG/y7JMdIP13DY0SDW:cjkA992obDj9vpcK+YRaOdY132W

Entry address:
0x20F3

Entry point:
E8, B8, C0, 00, 00, E9, C2, B9, 00, 00, CC, CC, CC, FF, 25, FC, C8, 47, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, A0, C9, 47, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, E8, C9, 47, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8A, 44, 24, 04, 53, 55, 8B, 6C, 24, 14, 83, C5, 01, 56, 8B, 74, 24, 14, 88, 44, 2E, FF, 57, 0F, 84, CE, 00, 00, 00, 8B, 7C, 24, 24, B3, 0A, 8A, 0E, 0F, B6, D1, 0F, B6, 82, B0, D2, 47, 00, 83, E8, 01, 74, 5E, 83, E8, 01, 74, 4F, 83, E8, 01, 74, 1D, 8D, 87, 0C, 02, 00...
 
[+]

Entropy:
7.9656  (probably packed)

Code size:
56 KB (57,344 bytes)

The file do_application_start.exe has been seen being distributed by the following 14 URLs.

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl41516&signature_id=0&_action_=getbin&filename=openofficesuite-setup-111267587.exe&checksum=150213

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-102744125.exe&checksum=108984

Remove do_application_start.exe - Powered by Reason Core Security