» do_application_start.exe
Overview
Analysis
File Details
Downloads (8)

do_application_start.exe

Cat Lady Interactive

The application do_application_start.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from intva1.bitdesktop.com and multiple other hosts.

File name:

Publisher:

Cat Lady Interactive

Product:

Cat Lady Interactive

Version:

1.2.9.2183

MD5:

0ba130bd9f80073315fbc1a34aaf8671

SHA-1:

ee81ac0fbaad9abbbda589b18d543225d580a44e

SHA-256:

5ec16aef035e75ef6ac82958ad171659fb441869a51e18a9bfb41eda2c341d2e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:18:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.CatLady.Bundler.Installer.Meta (M)

16.4.24.17

File size:

886.1 KB (907,360 bytes)

Product version:

1.2.9.2183

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\do_application_start.exe

File PE Metadata

Compilation timestamp:

4/30/2015 1:04:21 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:dbUekAzLv57ehgkMLdc3IoZ3xgPVlcKYCFJTRgu:lRkA1IF4dcYcgPVzYoJ1gu

Entry address:

0x4522

Entry point:

E8, 29, 9E, 00, 00, E9, 33, 97, 00, 00, CC, CC, CC, CC, FF, 25, 1C, A5, 4B, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 74, 24, 10, 8D, 9E, 0C, 02, 00, 00, 57, 39, 1E, 72, 09, 56, E8, 59, 00, 00, 00, 83, C4, 04, 8B, 06, C6, 00, 3D, FF, 06, 39, 1E, 72, 09, 56, E8, 45, 00, 00, 00, 83, C4, 04, 0F, B6, 7C, 24, 10, 8B, 16, 8B, CF, C1, E9, 04, 8A, 81, F0, A9, 4B, 00, 88, 02, FF, 06, 39, 1E, 72, 09, 56, E8, 22, 00, 00, 00, 83, C4, 04, 8B, 0E, 83, E7, 0F, 8A, 97, F0, A9, 4B, 00, 5F, 88, 11, FF, 06, 5E... 
[+]

Entropy:

7.9648 (probably packed)

Code size:

56.5 KB (57,856 bytes)

The file do_application_start.exe has been seen being distributed by the following 8 URLs.

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=bluestacks-setup-125673575 (1).exe&checksum=149098

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Rayman-125724869.exe&checksum=130068

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Mortal Kombat II-125771089.exe&checksum=130068

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbasdsdsl41216&signature_id=0&_action_=getbin&filename=notepad-setup-43020983.exe&checksum=120315

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbasdsdsl41216&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42908725.exe&checksum=114706

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=bluestacks-setup-125673575 (5).exe&checksum=149098

http://intva4.developbutton.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=Setup-74986269.exe&checksum=108984

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&hashstring=jbaprl41216&signature_id=0&_action_=getbin&filename=minecraft-setup-121736915 (1).exe&checksum=163767

Remove do_application_start.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.