gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe

STARGLOBE LLC

The application gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe by STARGLOBE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

Publisher:
STARGLOBE LLC  (signed and verified)

MD5:
b06b1c113931d96f753eebb07c5eeb1e

SHA-1:
22d914bec10fed4a5b72b8449ff48fa1c2659f7d

SHA-256:
077964d315c4b667cfaa938afa4cab899477b7c613abbb2de094788e3f60d69d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:22:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.STARGLOB.Installer (M)

Engine version:
16.6.2.17

File size:
49.2 KB (50,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gdfr flo rida ft. sage the gemini and lookas lancamento 2014.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
10/6/2015 6:10:40 PM

Valid to:
4/2/2016 12:48:38 PM

Subject:
CN=STARGLOBE LLC, O=STARGLOBE LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00AF454D0F54B44CC6

File PE Metadata
Compilation timestamp:
12/5/2009 7:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:JMGnYmtcLDs/saQRy7rnzrKHgccoGv8uS08p44vGmjXO3XJo5EPlJbBvDKZ7L:hoLDYsacy7mHMowHjXJo5EPlJV7i7L

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)