midtown_madness_1_game_downloader.exe

Installer

Ignore Idea Inc. LLC

The application midtown_madness_1_game_downloader.exe by Ignore Idea has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
New Monte Inc (signed by Ignore Idea Inc. LLC)

Product:
Installer

Version:
1, 0, 1059, 1

MD5:
5c699770c2c860e35e63a3197659ee6a

SHA-1:
b221edf1fc6dee1208da8f3b2476e99249435e27

SHA-256:
335d36207616ed3def198d60f4f50e557c7c0c944e6ca04de90f910407b2df30

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:53:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ViaAdvertising (M)

Engine version:
17.3.16.12

File size:
3.3 MB (3,467,920 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\midtown_madness_1_game_downloader.exe

Digital Signature
Authority:
Ignore Idea Inc. LLC

Valid from:
1/30/2016 4:45:37 AM

Valid to:
1/29/2017 4:45:37 AM

Subject:
CN=Ignore Idea LLC, OU=Ignore Idea LLC, O=Ignore Idea Inc. LLC, S=Manchester, C=UK

Issuer:
CN=Ignore Idea LLC, C=UK, S=Manchester, L=Manchester, E=admin@ignoreidea.com, OU=Ignore Idea LLC, O=Ignore Idea Inc. LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
1/25/2016 8:02:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x678013

Entry point:
E9, 12, C2, 0B, 00, A4, FA, 9F, 45, 4F, 4D, 6E, 74, CE, 0F, F2, DB, DF, 9F, E3, FB, 06, CB, 07, 26, 94, 1E, E3, 1E, E3, F6, 0B, E6, 9C, 32, EE, 5F, B3, D1, 9D, F7, FE, 03, C2, 3F, BA, 47, 92, 55, 33, CB, A6, D2, 31, CA, 7C, 62, 43, 91, C0, 89, 9A, 11, 80, 95, DB, 11, 79, B3, 96, DD, 45, 92, 60, 81, 1F, 00, 47, 0D, C0, 1D, EB, EE, 10, 94, 58, 0F, 1B, AC, C2, 23, AA, 00, E5, 84, B9, 48, A5, 42, 0E, 5F, 9B, E1, 63, 84, D8, 0F, 49, 33, 1D, CA, A2, 45, 07, 66, B4, B9, 7D, 6A, E6, 22, E0, 94, 32, 03, 17, 55, A7...

Entropy:
7.9129

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.5 MB (1,587,200 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove midtown_madness_1_game_downloader.exe - Powered by Reason Core Security