room_arranger_8.0.exe

Jan Adamec

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Jan Adamec  (signed and verified)

MD5:
68b078fe29be5f5c242bab51cb15eef0

SHA-1:
e6e66e636ce02524c79061ccbf5e535024267068

SHA-256:
da066f0ab9883eaeaf85873e246770f5bb724f80f8687b82a5b733ca1093c3b8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 2:55:14 PM UTC

File size:
21.5 MB (22,503,848 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/11/2012 3:00:00 AM

Valid to:
6/12/2015 2:59:59 AM

Subject:
CN=Jan Adamec, O=Jan Adamec, STREET=Na vysine 2076/3, L=Praha 4, S=-, PostalCode=14300, C=CZ

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
40B6FCE015FA82D0BA2AF300BDDB6972

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:9jCJivnsYf6JTWSol+L+NnCjE8xTWn+r1qF2wcUQ1UJ3BtqpMlcloo99+bEaM76:dmimJT4eAnCQ6CXW63BtqpMlcOo9mE/u

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file room_arranger_8.0.exe has been seen being distributed by the following 13 URLs.

Scan room_arranger_8.0.exe - Powered by Reason Core Security