rocket_league_flt_pc_fulldowngames.exe

Installation Wizard

WMD Internet EIRELI - ME

The application rocket_league_flt_pc_fulldowngames.exe by WMD Internet EIRELI - ME has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.applicationtourscity.com.

Publisher:
adsafiliados (signed by WMD Internet EIRELI - ME)

Product:
Installation Wizard

Version:
1.0.6.45713

MD5:
b05436d8155a8ae731edacf6a85163a4

SHA-1:
b1a330738e3c362fe298f87cd591275db1d61b38

SHA-256:
fe1d8eb4bba5984e366aecab6e74181012bcd6294b313776487eb9562704269a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:23:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.15.1

File size:
947 KB (969,688 bytes)

Product version:
1.0.6.45713

Copyright:
adsafiliados

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rocket_league_flt_pc_fulldowngames.exe

Digital Signature

Authority:
GlobalSign nv-sa

Valid from:
5/31/2016 4:21:42 PM

Valid to:
6/1/2017 4:21:42 PM

Subject:
CN=WMD Internet EIRELI - ME, O=WMD Internet EIRELI - ME, L=Bento Goncalves, S=RS, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EF6259F3BBE7A5361E2D78223CF5D28A

File PE Metadata

Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file rocket_league_flt_pc_fulldowngames.exe has been seen being distributed from a URL on www.applicationtourscity.com.
