offercastinstaller_asg_aresgalaxy_17941663_828472_.exe

Win

The application offercastinstaller_asg_aresgalaxy_17941663_828472_.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been observed being downloaded from global-shared-files-l3.softonic.com.
Publisher:
Microsoft*  (Invalid match)

Product:
Win

Version:
1.00

MD5:
0813efe9c7420b2f23a73647cd2c338b

SHA-1:
8d2fc7892beb046420da0c6acb9902d2767ec554

SHA-256:
137a4f8202be5066876c0287033d0a9491261611d35f23cbceea25fb89619587

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 3:05:05 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Ask.Toolbar.Bundled (M)

Engine version:
16.8.20.22

File size:
1 MB (1,080,126 bytes)

Product version:
1.00

Original file name:
Win.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\offercastinstaller_asg_aresgalaxy_17941663_828472_.exe

File PE Metadata
Compilation timestamp:
6/14/2011 2:01:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:+5xolYQY6z17uwoU+vIO1xcYYhEDNtTyZtYRMJq4Nt:JYc1boNvIuxtYE7yTz

Entry address:
0x3670

Entry point:
EB, 02, 88, D1, 23, FF, 0F, BE, F1, F6, C6, B7, FF, C6, 68, 7E, D6, 60, 00, 80, D3, 63, 0F, B6, F2, 81, F0, 6B, 6A, 9A, 7E, 4A, 69, C8, A6, 22, 76, 7D, 03, F2, 85, FB, 72, 0A, 1B, F0, 8D, 2D, 93, 46, 4C, 4C, B1, 65, 68, EE, 0E, 00, 00, F3, 5F, 0F, AF, CA, 81, EF, B7, 00, 00, 00, F2, 0F, B6, D4, 80, CA, 6B, 78, 02, 39, F1, 85, EB, F7, C6, 22, A8, F2, B6, 46, 81, EF, 23, F2, FD, FF, 01, D0, F7, C7, 3E, 03, EE, 7E, F3, 81, EF, DE, 0D, 02, 00, FF, C1, 69, DB, 32, 77, 95, 54, F7, C1, 37, D6, A5, 57, B1, D4, 34...
 

Entropy:
7.6770

Packer / compiler:
FSG v1.10 (Microsoft Visual C++ 6.0 / 7.0)

Code size:
172 KB (176,128 bytes)

The file offercastinstaller_asg_aresgalaxy_17941663_828472_.exe has been seen being distributed by the following URL.