javasetup-168284845.exe

Mana Media

The application javasetup-168284845.exe by Mana Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from intva2.microexecute.info and multiple other hosts.
Publisher:
Mana Media (signed and verified)

MD5:
076cdae961a6fcbb4120b3fc55638bfb

SHA-1:
d6017d235d4ec4795bb2d30299a0414014e39892

SHA-256:
80fdaa848b56f58f6f33ff899496b294c60aa64802a0f708cecc3c34bb5eb0dc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 12:43:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Vittallia

Engine version:
16.7.13.17

File size:
491.2 KB (502,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\javasetup-168284845.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/9/2016 12:16:38 AM

Valid to:
3/9/2017 12:16:38 AM

Subject:
CN=Mana Media, O=Mana Media, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
70E4313952F686EC

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
12288:PdALv+81lTtIefcuhxQ3PPcI0cdUjeR7yn0MKVHxIUBNc:PGLv+OdmefcuhxQ3PPrpdUjeOn0zHxIL

Entry address:
0x3D2E0

Entry point:

Entropy:
7.1705

Code size:
240.8 KB (246,560 bytes)

The file javasetup-168284845.exe has been seen being distributed by 21 URLs, served from the hosts intva2.microexecute.info and int2.cdn.hw.microexecute.info.


Remove javasetup-168284845.exe - Powered by Reason Core Security