imesh_mp3_downloader_free.exe

Imesh Mp3 Downloader

Prospera Software, Inc.

The application imesh_mp3_downloader_free.exe, published under the name AresGalaxyOnline LLC but code-signed by Prospera Software, Inc., has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners (the Reason Heuristics engine, detection PUP.Prospera.Installer); no third-party engine currently detects it. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer and is typically executed from the user's temporary directory. The file has been seen being downloaded from aresgalaxyonline.s3.amazonaws.com. Note that the signing certificate's validity period ended on 5/25/2017, long before the analysis date, so whether the signature still verifies depends on whether it carries a trusted timestamp countersignature, which this record does not show.
Publisher:
AresGalaxyOnline LLC (signed by Prospera Software, Inc.)

Product:
Imesh Mp3 Downloader

Version:
9.2.0.0

MD5:
efddb756498c0e973c5ec9640fa68c8e

SHA-1:
ab1623a517034a04684d94e3e11e6ad1f9c805a1

SHA-256:
72abacc918f12f44f6204aa37d70db54eee78e7534d31164c309665acf23e630

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
None of the third-party anti-malware engines in our current pool detects this file; the single 1/68 detection is our own heuristics engine, on the basis of which we consider the file unwanted.

Analysis date:
12/25/2024 11:56:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Prospera.Installer (M)

Engine version:
16.6.11.1

File size:
4.9 MB (5,120,976 bytes)

Copyright:
© AresGalaxyOnline LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\imesh_mp3_downloader_free.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/24/2016 2:00:00 AM

Valid to:
5/25/2017 1:59:59 AM

Subject:
CN="Prospera Software, Inc.", O="Prospera Software, Inc.", STREET=4539 Arbor Crest Place, L=Suwanee, S=Georgia, PostalCode=30024, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CFE53341D03C1BC7A0B9019D5E2A6C82

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:Qpu9HQeRM9PTx9vw3hpJYs7WSWGJqO62xrTdX1plf3uzY4xSN+fw8sr:QpuRQvPI3hpibGJq9Or14qc8r

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)
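The PE metadata above is what a practitioner would re-derive from the sample itself before trusting a record like this one. The following script is an added example, not the scanner's code: it extracts the same identifiers this report lists (MD5/SHA-1/SHA-256, linker and OS version, subsystem, entry-point RVA, the first entry-point bytes, and the NSIS first-header marker) from a Win32 PE using only the Python standard library and compares them with the reported values. The reported values are copied from this page; the build_sample() fixture is a constructed minimal PE32, not the real installer, and every field in it other than the copied values is an assumption made so the script runs offline.

```python
"""Added example, not the scanner's code: extract the identifiers this report
lists (hashes, PE32 header fields, entry-point bytes, NSIS marker) from a
Win32 PE using only the standard library and compare them with the report.
build_sample() is a constructed stand-in so the script runs offline."""
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report above.
REPORTED = {
    "md5": "efddb756498c0e973c5ec9640fa68c8e",
    "sha1": "ab1623a517034a04684d94e3e11e6ad1f9c805a1",
    "sha256": "72abacc918f12f44f6204aa37d70db54eee78e7534d31164c309665acf23e630",
    "entry_rva": 0x39E3, "linker": (10, 0), "os_version": (5, 0),
    "subsystem": 2,  # IMAGE_SUBSYSTEM_WINDOWS_GUI
}
REPORTED_ENTRY_PREFIX = bytes.fromhex("81ecd4020000535556576a2033ed5e89")  # first 16 listed bytes
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"  # NSIS first-header: 0xDEADBEEF LE + "NullsoftInst"

def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def parse_pe(data: bytes) -> dict:
    """Read the COFF/PE32 header fields the report lists, plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, link_major, link_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):  # section headers follow the optional header, 40 bytes each
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize))
    return {"timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
            "linker": (link_major, link_minor), "code_size": code_size, "entry_rva": entry_rva,
            "os_version": (os_major, os_minor), "subsystem": subsystem, "sections": sections}

def rva_to_offset(rva: int, sections: list) -> int:
    """The report's entry address is an RVA; map it to a file offset via the section table."""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def entry_bytes(data: bytes, n: int = 16) -> bytes:
    pe = parse_pe(data)
    off = rva_to_offset(pe["entry_rva"], pe["sections"])
    return data[off:off + n]

def compare_with_report(data: bytes) -> dict:
    """One boolean per reported indicator. The hashes identify this exact file; the
    header fields and entry bytes describe the NSIS 2.x stub and will also match
    other installers built from the same stub."""
    h, pe = file_hashes(data), parse_pe(data)
    return {"hashes": all(h[k] == REPORTED[k] for k in ("md5", "sha1", "sha256")),
            "entry_rva": pe["entry_rva"] == REPORTED["entry_rva"],
            "linker": pe["linker"] == REPORTED["linker"],
            "os_version": pe["os_version"] == REPORTED["os_version"],
            "subsystem": pe["subsystem"] == REPORTED["subsystem"],
            "entry_bytes": entry_bytes(data) == REPORTED_ENTRY_PREFIX,
            "nsis_marker": NSIS_MAGIC in data}

def build_sample() -> bytes:
    """Constructed PE32 fixture: one .text section, the report's header values and
    entry bytes, NSIS marker appended. Not the real installer."""
    buf = bytearray(0x200)                      # headers, FileAlignment 0x200
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)     # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    # COFF: i386, 1 section, TimeDateStamp 2012-02-24 20:19:59 UTC, optional header 224 bytes
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x14C, 1, 1330114799, 0, 0, 224, 0x102)
    # PE32 optional header (standard + Windows-specific fields; data directories left zeroed)
    struct.pack_into("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII", buf, 0x58,
                     0x10B, 10, 0, 0x3000, 0, 0, 0x39E3, 0x1000, 0, 0x400000, 0x1000, 0x200,
                     5, 0, 0, 0, 5, 0, 0, 0x5000, 0x200, 0, 2, 0,
                     0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    # Section header at 0x58 + 224: .text, VA 0x1000, raw data at 0x200, code|exec|read
    struct.pack_into("<8sIIIIIIHHI", buf, 0x138, b".text", 0x3000, 0x1000, 0x3000, 0x200,
                     0, 0, 0, 0, 0x60000020)
    text = bytearray(0x3000)
    text[0x29E3:0x29E3 + len(REPORTED_ENTRY_PREFIX)] = REPORTED_ENTRY_PREFIX  # RVA 0x39E3 - 0x1000
    return bytes(buf + text + NSIS_MAGIC)

if __name__ == "__main__":
    sample = build_sample()
    print(parse_pe(sample))
    print(compare_with_report(sample))
```

To check a real sample, replace build_sample() with the file's bytes read from disk. Only the three hashes identify this exact build; the linker version, OS version, subsystem, entry RVA and entry-point bytes belong to the NSIS 2.x stub and will match other installers produced with the same stub, so they corroborate the installer type but not the payload.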

Distribution: the file imesh_mp3_downloader_free.exe has been seen being distributed from aresgalaxyonline.s3.amazonaws.com.

Remove imesh_mp3_downloader_free.exe - Powered by Reason Core Security