» dsj3v170.exe
Overview
Analysis
File Details
Downloads (1)

dsj3v170.exe

Deluxe Ski Jump 3

Mediamond Tmi

The executable dsj3v170.exe, “Deluxe Ski Jump 3 Setup ” has been detected as malware by 9 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from s6739.chomikuj.pl.

File name:

dsj3v170.exe

Publisher:

Mediamond Tmi

Product:

Deluxe Ski Jump 3

Description:

Deluxe Ski Jump 3 Setup

Version:

1.7.0.0

MD5:

b6d3feaf53dd6670f4be0e81757456ff

SHA-1:

af8ae9670ccfdf718d7eb55bec73be370b50efda

SHA-256:

cc028f4b9a7268022f160e1b9c16492ab1860d82c157a7c180ab362126dcaafb

Scanner detections:

9 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/15/2024 7:47:32 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160326-0

AVG

Win32/Sality

2015.0.4355

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.217.1503.0

Norman

Win32.Sality.3

10.04.2016 15:29:17

File size:

3.8 MB (3,962,284 bytes)

Product version:

1.7.0.0

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\documents and settings\andrzej\moje dokumenty\downloads\dsj3v170.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:ebVFnKKkKSAbLPGGC95OQ7LO6tZVzwj9yhyjpRKE2:OnkKSIHC9ha6tZeoCpRa

Entry address:

0x9A58

Entry point:

69, C5, 83, 22, FA, CD, 8A, F4, 8D, 35, 45, 0F, CA, CE, 68, 66, DF, 80, 00, 14, AA, 85, ED, 74, 07, FE, C7, BE, 93, BC, 42, 90, 69, FD, BF, 58, 44, 57, 0F, BF, C0, FE, C8, FF, C2, 30, C6, E8, 00, 00, 00, 00, 69, DE, 12, 8E, BD, 2B, 84, FE, 49, 69, F8, 43, DE, 60, 69, 81, FA, E2, 21, 87, EA, FE, CF, 8D, 07, 85, EF, 58, 8B, CA, 68, 20, 6D, CE, 00, 86, EB, C6, C6, 8C, BB, 47, AB, 61, A0, 69, F3, AB, DC, AF, 07, 85, C8, F7, C3, 0E, 2F, 1C, 24, 69, FF, D7, 88, 7F, 2C, 8D, 35, A9, CD, 89, BA, F3, 0F, BE, DF, F2... 
[+]

Code size:

36.5 KB (37,376 bytes)

The file dsj3v170.exe has been seen being distributed by the following URL.

http://s6739.chomikuj.pl/File.aspx?e=h1eLBB9lwGa5fAQVfZFUuEA1QHm0B_GIZ2I-DscZYTZI4pzohflFbCYKnqjoFPTswrQ5-xaDLUnGEJTOMnZ1uyK9gw5xX3EtP10FGvnm0oQNvTWC04T6tf_iyeYPdOLNFpbHgaGzbJNcRLKNFpCR4Q&pv=2

Remove dsj3v170.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.