hello-kitty-dress-up.exe

Play Turtle, LLC

The application hello-kitty-dress-up.exe by Play Turtle has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Play Turtle, LLC  (signed and verified)

MD5:
fa763f56efef0c4855831b7c3d30bcdc

SHA-1:
900e025b99dd18f1fce2f29e7e37ded82150c81a

SHA-256:
d6a757c629c750b620004acf3399704d791ebbd90087eeba1c53e33357d4b2b6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 7:03:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.EpicPlay (M)
17.1.9.22

File size:
1 MB (1,051,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hello-kitty-dress-up.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/9/2011 6:00:00 PM

Valid to:
12/9/2012 5:59:59 PM

Subject:
CN="Play Turtle, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Play Turtle, LLC", L=Plantation, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FBA05C4A16403C30CAF42A3523B1862

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xC1A74

Entry point:
55, 8B, EC, 83, C4, F0, B8, C8, D6, 4C, 00, E8, B4, ED, FF, FF, 26, 33, BC, 84, 42, 82, 8D, E3, DA, 50, 6C, 38, CB, 97, 7B, F6, 19, 06, D0, B5, 50, 03, 85, 2C, DF, A5, 81, D8, BA, 1F, 6D, 63, D8, 45, 74, 2A, 4B, 53, CD, 86, 09, F8, 27, A8, AC, 59, 6E, 28, BD, 9C, 99, A8, 4A, 13, 61, 26, D6, 34, 15, C8, 04, E6, F5, 63, 5A, D2, C8, EA, 28, BB, 7D, 8E, 5B, 1A, 31, 48, C1, 77, D6, FA, 2B, 41, 52, 8D, 37, 13, D4, 85, E6, B3, C1, 10, 35, 3F, 6E, 8E, 45, 3D, 7E, 05, EE, 97, BC, 00, BE, BF, 9B, D6, A9, 64, D3, 64...
 
[+]

Entropy:
6.7248

Developed / compiled with:
Microsoft Visual C++

Code size:
786.5 KB (805,376 bytes)

Remove hello-kitty-dress-up.exe - Powered by Reason Core Security