guildwars2_game_downloader.exe

Fapebepin

Mode Quality (Alpha Criteria Ltd.)

The application guildwars2_game_downloader.exe, “Fapebepin Setup” by Mode Quality (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultsconceptsapps.com.
Publisher:
Tobu (signed by Mode Quality (Alpha Criteria Ltd.))

Product:
Fapebepin

Description:
Fapebepin Setup

MD5:
183b2dc3a06006483d75e4bc2304c44e

SHA-1:
1053cdd3766d1ca5e448f6a9b01c24110dfa4ec5

SHA-256:
e8d9bc2c29f1d408a7697a6c4ff2121a7fdd4a8f8b29ed1fb889079b1e46e1f7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 6:38:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.11.24.12

File size:
933.6 KB (955,968 bytes)

Product version:
2.8.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\guildwars2_game_downloader.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/7/2016 1:37:46 AM

Valid to:
8/3/2016 7:20:26 AM

Subject:
CN=Mode Quality (Alpha Criteria Ltd.), O=Mode Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F7B537910FF19F9FCEA90DA601703349

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:MiGYBIrSqmgQxYjnCddRIFtjtLN7AXUvBszXChyEr+Fk6xcJ4oBWYH:R76r2nxYLCddOF1UXUvBSysQ+FnxJw

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9365

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file guildwars2_game_downloader.exe has been seen being distributed by the following URL.

http://www.vaultsconceptsapps.com/O8830m7vBatlcoFlY0XrJ6oAnO0fNhhtABOjtI rYXViPLaGa0H7GeLNjMLW0tTgCoRC0gMr QVZaNSuUen5lARf EQ VUe00AbpklvoR2lDdnvZsriKCoScpBlgveI6q94eQ71M1BJEzMopqW12eTqAl9 DfH_B4XU8IvMCntD8PTiPwdhvXo61Oka9j366DouisvH7hKyVi8qhnkW9S6dnmgrGzWmxFLXYd6H_3h1nZ_ ytfo Yuq8Obq1YSqDwSiu5XsOE1qXgNzcFdOIbewgylOQ7Rx8w4kbNyQhc5HiPlRlDpX9dk6gLhXw3YV9FH3iGgTQO9uzVxhhYsB0_FNh4AGonoqJYoXu 4RDHq3Rbu5w 4d8SJ0NI8YvSpjzpWQWhuYKN9Ni1k4PPDFvlmt4PuaH81_JnO4mtZsuGkuWgrtnNsTBljHLfKOQwdbKp7ZKV0dtMwgg3w3yRHbQ0tydUUb5jyr9CanPIyej00V51jGrTJKlNWU5Hv4gAVkBN_1c_7qA4pkHRTxRiegjy03inhCwgX_tp_POq3ByL5iDm0 zqMpjx8R7u962YRIwj9ZYE0OS3oQNT_hdXP08eLOUZRE25HCCo2TQJ9fd4 XoQn5MFWc=-GyoAAMQuF5svWSAJxQko5rZ1IZLMopDGNg_Ejbt9TzoBxFoOet4HC6tFUQ8=
