plants-vs-zombies-en.exe

Plants vs Zombies

LuckyCityGames

The application plants-vs-zombies-en.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, as well as other PUPs. The file has been seen being downloaded from plants-v-zombies.ro.softonic.com and multiple other hosts.
Publisher:
LuckyCityGames

Product:
Plants vs Zombies

Version:
2.0.0.0

MD5:
5c3b834a9a4025b5b6b9bbfb71ece374

SHA-1:
d00288f993a0e50844b82ca316e20dc107bb20b0

SHA-256:
85b8f7d2e9f2c571b7fb032a9ef443255aa1bf755491e16cb97e05850b3f56ce

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 1:29:16 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2852165 | 427
AhnLab V3 Security | Malware/Win32.Generic | 2015.12.04
Avira AntiVirus | WORM/Febipos.4154239 | 8.3.2.4
Arcabit | Trojan.Generic.D2B8545 | 1.0.0.628
Baidu Antivirus | Worm.Win32.Febipos | 4.0.3.15124
Bitdefender | Trojan.GenericKD.2852165 | 1.0.20.1690
Bkav FE | HW32.Packed | 1.3.0.7383
Emsisoft Anti-Malware | Trojan.GenericKD.2852165 | 8.15.12.04.04
Fortinet FortiGate | PossibleThreat.P1 | 12/4/2015
F-Secure | Trojan.GenericKD.2852165 | 11.2015-04-12_6
G Data | Trojan.GenericKD.2852165 | 15.12.25
IKARUS anti.virus | Worm.Win32.Febipos | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.212.18027
Kaspersky | Worm.Win32.Febipos | 14.0.0.1021
McAfee | Artemis!5C3B834A9A40 | 5600.6561
MicroWorld eScan | Trojan.GenericKD.2852165 | 16.0.0.1014
nProtect | Trojan.GenericKD.2852165 | 15.12.03.01
Panda Antivirus | Generic Suspicious | 15.12.04.04
Quick Heal | Worm.Febipos.g8 | 12.15.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R021C0EKA15 | 10.465.04
Vba32 AntiVirus | Worm.Febipos | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45598
ViRobot | Worm.Win32.A.Febipos.4154239[h] | 2014.3.20.0
Zillya! Antivirus | Adware.OutBrowse.Win32.63611 | 2.0.0.2543

File size:
4 MB (4,154,239 bytes)

Product version:
4.7.1.0

Copyright:
Copyright by LuckyCityGames, 2015/10/29

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
1/26/2015 11:49:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:qcsoSLM9/q8EOA5iXT+s0j3KWm06cFFohwa17BygVYBDJC7gu0hJ:qXvLM9C6A8O3KW6cajpVYBDJegl7

Entry address:
0xC120

Entry point:
55, 8B, EC, B9, 11, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 14, 91, 40, 00, E8, D4, 85, FF, FF, 33, C0, 55, 68, 90, C9, 40, 00, 64, FF, 30, 64, 89, 20, 33, C0, A3, D8, 0F, 41, 00, 33, FF, 33, C0, A3, 04, 10, 41, 00, E8, FD, CD, FF, FF, 0A, 05, A0, C9, 40, 00, E8, 02, CE, FF, FF, 33, C0, A3, 00, 10, 41, 00, E8, FA, CA, FF, FF, B8, F8, 0F, 41, 00, E8, DC, 77, FF, FF, E8, AF, 98, FF, FF, 8B, F0, 6A, 0A, B9, A4, C9, 40, 00, 8B, 15, 84, 0B, 41, 00, 8B, C6, E8, A5, 98, FF, FF, 8B, C6, E8, 7A, 96...
 

Entropy:
7.9268

Developed / compiled with:
Microsoft Visual C++

Code size:
44 KB (45,056 bytes)

The file plants-vs-zombies-en.exe has been seen being distributed by the following 8 URLs.

http://plants-v-zombies.ro.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmKWNo6ShmZo=

temp:Plants-vs-Zombies.exe
