» mustang_setup_ad2game__1.0.exe
Overview
Analysis
File Details
Downloads (1)

mustang_setup_ad2game__1.0.exe

Mustang Browser

Rafotech

The application mustang_setup_ad2game__1.0.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from download.rafotech.com.

File name:

Publisher:

Rafotech

Product:

Mustang Browser

Version:

1.0.39.99

MD5:

935ae6d38e16ff35ce1575fffeb05757

SHA-1:

6b32dc887853b6a83f55b197bb53ab51af6312e9

SHA-256:

48ae99c75ec3c62a94e01e8117e820148336a09de600e310a75f7bf50ea9992a

Scanner detections:

10 / 68

Status:

Potentially unwanted

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/27/2024 12:44:51 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Parite

160327-1

Dr.Web

Adware.Mutabaha.787, Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

11.5.0.6191

ESET NOD32

Win32/Parite.B virus

7.0.302.0

F-Prot

W32/Parite.B

4.6.5.141

F-Secure

Win32.Parite.B

5.15.96

Kaspersky

Virus.Win32.Parite

15.0.0.562

McAfee

Virus.W32/Pate.b

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.217.477.0

Norman

Win32.Parite.B

29.03.2016 06:29:16

File size:

1.5 MB (1,620,956 bytes)

Product version:

1.0.39.99

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\mustang_setup_ad2game__1.0.exe

File PE Metadata

Compilation timestamp:

4/30/2015 7:14:19 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

24576:/3R6NdMCfD+Q8lbdapP7/RGk77c16O9BZxCEsFFjrnc+DzJu9FTP9w:PR6NdMj1Qp7RNEZ9BTBsfjrnc+XE71w

Entry address:

0x168000

Entry point:

90, 68, 1B, EE, 25, 01, 5B, 90, 90, 68, 22, 80, 56, 00, 5E, 90, 68, 98, 05, 00, 00, 5A, 90, 90, 31, 1C, 32, 83, EA, 02, 83, EA, 02, 75, F5, 90, 90, 90, F3, 93, 24, 01, 1B, EE, 25, 01, 1B, EE, 65, 01, 50, 85, 27, 01, 43, EA, 33, 01, C7, E5, 33, 01, 1B, 5E, 27, 01, 1A, EE, 25, 01, 8F, 4E, 66, 01, BB, 8B, 61, 01, AD, 8B, 61, 01, 33, A5, 21, 01, 85, 8B, 21, 01, AF, 8B, 21, 01, 8F, 62, 26, 01, 85, 8B, 21, 01, AF, 8B, 21, 01, 1B, EE, 25, 01, 1B, EE, 25, 01, 1B, EE, 25, 01, 1B, EE, 25, 01, 1B, EE, 25, 01, 1B, EE... 
[+]

Code size:

226 KB (231,424 bytes)

The file mustang_setup_ad2game__1.0.exe has been seen being distributed by the following URL.

http://download.rafotech.com/.../download.php?cid=ad2game&s2sid=&guid=430c37a2-460e-fd52-5881-931fc9ab91f3

Remove mustang_setup_ad2game__1.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.