» farmmania2freeridegames-setup-113555-113555.exe
Overview
Analysis
File Details
Downloads (263)

farmmania2freeridegames-setup-113555-113555.exe

Cat Lady Interactive

The application farmmania2freeridegames-setup-113555-113555.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from intva2.clientmulti.com and multiple other hosts.

File name:

Publisher:

Cat Lady Interactive

Product:

Cat Lady Interactive

Version:

1.2.9.2183

MD5:

d6247001164f60ec5f9c6b8f5350059e

SHA-1:

03b3d9d120b1a73543a05ac727818a49a28d12d1

SHA-256:

a3838e1052a1017cded47582528fa70dfa9fda7208662e3c3fbfb6132f7c067b

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:59:45 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/DownloadAdmin.Q potentially unwanted application

8.0.319.0

F-Secure

Variant.Razy.19119

5.15.21

Norman

Gen:Variant.Razy.19119

29.02.2016 03:11:57

Sophos

PUA 'Download Admin'

5.23

File size:

885.8 KB (907,072 bytes)

Product version:

1.2.9.2183

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\farmmania2freeridegames-setup-113555-113555.exe

File PE Metadata

Compilation timestamp:

3/16/2015 7:01:29 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:SahvrfvrVYbuIKQ+qRiIhqWzMNpR7YGFt95gUuzqhB:L1hY5HViOzMNL7rjgUoW

Entry address:

0x1576

Entry point:

E8, 15, CD, 00, 00, E9, 1F, C6, 00, 00, FF, 25, DC, B4, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, D4, B4, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 5C, B4, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 81, EC, 18, 02, 00, 00, 53, 8B, 9C, 24, 20, 02, 00, 00, 55, 56, 57, 8D, 44, 24, 14, 50, 33, FF, 57, 6A, 01, 53, 89, 7C, 24, 24, E8, DB, 08, 00, 00, 8B, 4C, 24, 24, 8B, F0, 83, C4, 10, 8D, 2C, 0E, 85, F6, 75, 1D, 53, E8, 65, 0B, 00, 00, 53, E8, 5F, 0B, 00, 00, 83, C4, 08, 8D, 47... 
[+]

Entropy:

7.9658 (probably packed)

Code size:

56.5 KB (57,856 bytes)

The file farmmania2freeridegames-setup-113555-113555.exe has been seen being distributed by the following 50 URLs.

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Pokemon_ Fire Red Version-83939651.exe&checksum=160284

http://intva4.developbutton.com/dl-pure?usefilename=true&signature_id=0&_action_=getbin&filename=hotspot-shield-116428683.exe&checksum=144704

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=2ap32116&hashstring=2ap32116&signature_id=0&_action_=getbin&filename=minecraftfreedownloadsuscom-setup-42981121.exe&checksum=158571

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=ap3192016&hashstring=ap3192016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-41260535 (1).exe&checksum=153302

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Dragon Ball Z - Guerreros De Leyenda (Spain)-120854095.exe&checksum=160284

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Super Contra-121918369.exe&checksum=160284

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=openofficesuite-setup-41401139.exe&checksum=153949

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3172016&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Yandere Simulator-April 3rd-121680377.exe&checksum=166874

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=ap3192016&hashstring=ap3192016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-41899837[1].exe&checksum=153302

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3172016&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Crash Bandicoot-103520079.exe&checksum=166874

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Assassin's Creed - Bloodlines-123060115.exe&checksum=164825

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Agar.io-1.0-123894385.exe&checksum=150530

http://intva1.bitdesktop.com/dl-pure?&usefilename=true&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40238857 (1).exe&checksum=153949

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=ap3192016&hashstring=ap3192016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-118490859.exe&checksum=153302

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Yu-Gi-Oh! - Day Of The Duelist - World Championship Tournament 2005-123210471.exe&checksum=164825

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=2ap32116&hashstring=2ap32116&signature_id=0&_action_=getbin&filename=handbrake-setup-43314379.exe&checksum=147874

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Legend of Zelda, The - Twilight Princess-122072819.exe&checksum=160284

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=ap3192016&hashstring=ap3192016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40608645.exe&checksum=153302

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=jb3172016&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=7zip-setup-59317765.exe&checksum=120078

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3172016&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Yandere Simulator-April 3rd-121239845.exe&checksum=166874

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3172016&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Microsoft Office 2010 Professional 64 bits-1.0-118598413.exe&checksum=166874

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Spider-Man-117266339.exe&checksum=160284

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Mario Kart - Double Dash!!-87603747.exe&checksum=160284

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Classic Nes Series - Super Mario Bros.-94488409.exe&checksum=160284

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=jb3172016&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=7zip-setup-61851943.exe&checksum=120078

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3172016&signature_id=0&_action_=getbin&filename=Christmas Shopper Simulator 2_ Black Friday-1.0-122695269.exe&checksum=150530

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=2ap32116&hashstring=2ap32116&signature_id=0&_action_=getbin&filename=vlcmediaplayer-setup-42996973.exe&checksum=147874

http://intva2.clientmulti.com/dl-pure?&usefilename=true&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Mario Kart - Super Circuit-87712587.exe&checksum=164825

http://intva2.clientmulti.com/dl-pure?usefilename=true&hashstring=jb3252016&hashstring=jb3252016&signature_id=0&_action_=getbin&filename=Harvest Moon - Back to Nature-79539241.exe&checksum=160284

http://intva1.bitdesktop.com/dl-pure?usefilename=true&hashstring=ap3192016&hashstring=ap3192016&signature_id=0&_action_=getbin&filename=openofficesuite-setup-40339275 (1).exe&checksum=153302

Latest 30 of 263 download URLs

Remove farmmania2freeridegames-setup-113555-113555.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.