home

snow_brothers.exe

GameFabrique

The executable snow_brothers.exe, “Snow Brothers Setup ” has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from odl1.emasti.pk and multiple other hosts.
Publisher:
GameFabrique

Description:
Snow Brothers Setup

MD5:
1225ace2693fa9f8ce649cf3ea75d747

SHA-1:
3482bf06f8870979bb0e979ad541b166a3c557b2

SHA-256:
d1b9ce1685c8bf9a04bc5ce086b29770e1bcdeea82808137867d827cdd897ba0

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/5/2024 3:35:14 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.6.5.12

ViRobot
Trojan.Win32.A.ShipUp.948061[h]
2014.3.20.0

File size:
925.8 KB (948,061 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\snow_brothers.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:7I39dYzGv6o1Qa5LuHi2mKhgebVKo0Ld8:76dgGia5iCoVbv4e

Entry address:
0x97F0

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, D6, 98, FF, FF, E8, DD, AA, FF, FF, E8, 00, CD, FF, FF, E8, 47, CD, FF, FF, E8, 3E, F3, FF, FF, E8, A5, F4, FF, FF, 33, C0, 55, 68, 9A, 9E, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 50, 9E, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 5A, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C0, D1, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 87, 99, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.9800

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file snow_brothers.exe has been seen being distributed by the following 20 URLs.

http://odl1.emasti.pk/sx/.../snow_brothers.exe

http://cdn.games4windownloads.com/8zurwFyaZ0HrkLair0b8rjGbe1r_V5FHzmBO7g1Loz8cHyjAAqCjD0vYlt_SrNx1FYc96jxjpoialHl4GkXFXhW7Ta2rQVN8sQC R2Z8 klDkREAFAefKOrF_YY0MxkBhe7vYwzFlY6BlwiN 8kn5RZqMq3Yl2jhTfnncOtx980Fhw5czo3Yo 5MAhp3uXCDZuppgPav w1MWd7NCu5Jj2RP2xwwolCbmVuFX7icG77DWop20WQ_n1BpEWgIdvW9HMOlAnrw8713rs0Rl 67U7oLa4jWeSG8KxtSDFeD09jAel510Wy8mCwXEJuRjq6Z4btGm5B2lI3V_2ARaZHjQFOshB3TUMdhzKkdxMgssKF5ch19C77 cTknNUXQAmKR FH5Wp6LlMisQfu8lMJrdKEwCAeywXHqmQ1KcaT vYfsBX1J8K3hl5ghK2TFub2TTbhdiMtB-GzMAAATiluPGOFocKSnp68EhBw5f1BZIFhAGG2NrKNFTb0w34Ahrug e563JcHU62JilCR8=-e

http://cdn.games4windownloads.com/2QIgSRmELlIDIYtleiPFudIOO s73d00xK4Kitrl7rL3ZrMnT464wvgEL__d0cx56uzvbRHwy6uPgUCGhXs_WycMeqiwJMzKDzp10GGozyeihwhCzKKbvnYaOPpVLxErUZzX8rxfpJZaJFKWFDiw9tv5fuBTiVu1fgo2HA4CCLSDVucVgrXrsEq_aQkXXsOerQxi8pDtunqVFIQKURamZ1aXGTPfYR1q_qA6HiArz0Z4yoLIMm9HxpLQU34Wgpph0LrOQ0GDUInhLUso1m82BN3xlpXc1WNB7gMlxxg34 tSC04YKTvxp6cIYY42Oj2Z21Q8Z8mgSb9KZkT ysuDlAqNYYJzV6UL2Zd2H9D_jJF64OcuR nGhM3l3zvsLRWpM9oZk68cTcUtChd2BcHqH_rGs3zj52lwsIGdX1HYmrUqkGc UYqMmg38a FiiCGl99zcY _C-GzMAAATiluPGOFocKSnp68EhBw5f1BZIFhAGG2NrKNFTb0w34Ahrug e563JcHU62JilCR8=-e

http://cdn.games4windownloads.com/WoTWy0zS RVtN8GFQX2UQmh0azMQ5pudaIZed_ZRClHtJKWFvAoOsoDwGMQD P6mV0inzoIUlfIqM3SR1LZQlPqr_AVdrfBeRHijdYTR33LKtjJFjR46BkvhhabTu 7udZodVxwwTcqHduoFZa1bED5UdSX0x3 yb2eEnafyWz108FByRz9rczJUj0HRE1X78aFISI1QO0sLnpGCr5OyHg6zg7rZ JxrI7QsxBeO01xYv8FjPvPVV2NLrQaNqOR LcLpLxGXrYlephdwZFrtYikPgQacwSaR02cEFWkCHRQmMx_IZtZP 4mIW_HjVmDRMNM8FS7W nakPeL69UPqcR B52CUnuKJ4_xVOzjUFqVJp1lst1rG5LksX2KC018cnBfrGNTC6fMGivUv23gXAUpqfUpi7qMuIWMGLrOOOVSuazbJesSdyR5F39Z2SsFcxtTh7GFB-GzMAAATiluPGOFocKSnp68EhBw5f1BZIFhAGG2NrKNFTb0w34Ahrug e563JcHU62JilCR8=-e

http://dc339.4shared.com/download/.../snow_brothers.exe

http://cdn.games4windownloads.com/WVl6OTRQVFJvU1RGNGJHUkxZek50VFNVeVJqSnhSREl3WVhFeE1FMUpSekJNYTA5UWNHNTFOSEprZUZodE0wcGtjeVV6UkNaalBWbERXVXBQWjI1aGFsbElhbWQ2U1hCTWExcFpaMGwwVFdkc1R5VXlSbFZDWkc5VGNISmxKVEpDVFU1dloxTkVURmhxU1U4MkpUSkdRVTl0VDFScmVWcHNaR3BEVFdSM2JYaFVhREF3UW5CR1YzVkZKVEpHSlRKQ1MwdFBhVzlzSlRKR2FpVXlSbTlITW10Q2QwRkZSM0kwYkdOak5YbDFaMVZSV0RaS2VtaHdRVzlMYTBRMmRGRlVUSFpQYTFKbGJuRkNkbWRJUm10MlRFRmFObnBPU2tKS2FqZEJKVE5FSlRORUptVTlNQ1prYjNkdWJHOWhaRUZ6UFhOdWIzZGZZbkp2ZEdobGNuTXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHWjJGdFpXWmhZbkpwY1hWbExtTnZiU1V5Um1Sc0pUSkdaMlZ1WlhOcGN5VXlSbk51YjNkZlluSnZkR2hsY25NdVpYaGw=

http://cdn.games4windownloads.com/ zImmLP2uHvh4d48FmroHCsNusg 7x3yZkA_kJ6mHPWHOfmSN2OxbfNE0dhfDj0rtBz83AV4Fk4DftxhFXanLTiSBDzVvoyHBJ_ NnTboe65wexcm3rkco6O BQyWD9ZLiuXdPiBOiFPCIkmHNMUAvhb_4mch9lU KN0uNt kCI9kdfLQ5lH1GqkOITL33bZ5AzOZ0xk-GzMAAATiluPGOFocKSnp68EhBw5f1BZIFhAGG2NrKNFTb0w34Ahrug e563JcHU62JilCR8=

http://www.gamefabrique.com/download/.../snow_brothers.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-ft0vvWGLTau6HL92UAkhnPSc53tYx20QFI9t91DXH_ph6VGvB0NzxtqNG_VLTmv7/messages/@.id==AHYLwQoAAKPZUS2-QAne_QA3T68/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYqiNpvRIS9kt1PkxhKqzwE4QS589m2ULn4HOf3kMCF_g&error=https://mg.mail.yahoo.com/.../iframemsg?id=f7136cee-079b-5ea6-05f0-4ef43aebb9e7&ymreqid=0acedfc4-f92b-8ae7-016a-6d0012010000

http://cdn.games4windownloads.com/c?x=5Rfy305clpBetaq7m5Syg9O1rxPl/joue4sT3PtVta4=&c=dVyqM YBDK7OXOyA2wO4Wwj9/b4yO9rYGCqMgiOV/SzO8oszP6tYGr15srIUDLGSoax6fBU1qeT7CySqstayAlSxtOs1308Wbp8kg8 T053jclX1toWehl1SpUZXt 5JnpvLeyhWo71gAHBckwE19Dii8YA 2l8HryBnrGS2WgE=&e=0&downloadAs=snow_brothers.exe&fallback_url=http://gamefabrique.com/dl/.../snow_brothers.exe

http://cdn.games4windownloads.com/WVl6OTRQVmhGTjFSNE1EZFJTbTF5U0ZCb1lqUTRWRkl6VVU1UE9IVkhSazlEWVhkTFkxRWxNa1phY0VwVlZFNVlUU1V6UkNaalBWUmhZVEpHYUhaWGREZDRPVTFxVEhwcFpHaEVlV2RMUTNrbE1rSnZibVpHUjNaSVZURmtiVlJzTXpsVlJGUlFjR2wwV1dWWk4yVkliRWhNVEVaSVNrSllSM1ozVW5OdWRYSTBkVXhtUkU1TWNUQlFhRkowVVZoS2VFcHVWRElsTWtZemVuSnRVRk5OTkdSUFFscGpVbWhvU2xKdGNqWnRKVEpDZFZodk5YQlZlamhNZVVwdWNGUnllSEJTTkV0UVJXc2xNa1lsTWtKQlIzbGxkVGhHT0hjbE0wUWxNMFFtWlQwd0ptUnZkMjVzYjJGa1FYTTljMjV2ZDE5aWNtOTBhR1Z5Y3k1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWm5ZVzFsWm1GaWNtbHhkV1V1WTI5dEpUSkdaR3dsTWtablpXNWxjMmx6SlRKR2MyNXZkMTlpY205MGFHVnljeTVsZUdVPQ==

http://cdn.games4windownloads.com/WVl6OTRQVmRsZVRscmVYcE5WbEpEYVhGeGJrVm1SRmd3V21GTWNVSmlSVE41U2tkWlZWbHRTMUV4WTJ4UGJtc2xNMFFtWXoxMk0wUnBXa1ZzUjJ0Qk4yOTFXU1V5UWlVeVFteGpkQ1V5UWtWeE4yNWlaRFJhWm0xdmNYQTBWSGRuTWxaQ1V6bDJaVWRPWVhObmNIQXlRbVYzTjNNek9VOUNkelJ2TVRSbFdGUk1OR3RpYVZFMFQwZHVXbmhuYVhWWE5qVm1ObUZhWVVzMVpIUTVZbWx2WW1OQlQydHFXbkJZZFVWMFVuSlpaM1ZTUTIxa2N6UWxNa1pyU1RRNVdYZzNabVEzZVdzbE1rSlBlR0p2TlhRNFYxbFZjbWRSSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBYTnViM2RmWW5KdmRHaGxjbk11WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR1oyRnRaV1poWW5KcGNYVmxMbU52YlNVeVJtUnNKVEpHWjJWdVpYTnBjeVV5Um5OdWIzZGZZbkp2ZEdobGNuTXVaWGhs

http://cdn.games4windownloads.com/WVl6OTRQWGRyWjFWM1Z6Tm9KVEpHUVdsUWRuVjJOU1V5Um5sb2MyUnBkekJZYlVob1NYaFZiamh3UkdSVlNsb3lPRzFWSlRORUptTTlNMDQxVldoQ05VdFVNMDgwTlZneFpGQjNhR00xVTFSYVp5VXlRbnBhWTAwM2VVNUNVRTluUmxBM05XVlRSSFk1U1dsbUpUSkNNVEZtYkRsTldYcERialZLUm1SUVdWUmhXRzlwT0V3eE5XOW5ZMU5JSlRKR1dEbGtPWE5MV1cxRFNHbEJZbTk2TTBnekpUSkNkWFZRTWt0clVHODFSVXRGUm5FMVVXMUxkamRRU1dFeGVqSkhaVmRJU2xOWVdqUlVhMjkzYmpCWFRFdE9TVGh1WTFFbE0wUWxNMFFtWlQwd0ptUnZkMjVzYjJGa1FYTTljMjV2ZDE5aWNtOTBhR1Z5Y3k1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWm5ZVzFsWm1GaWNtbHhkV1V1WTI5dEpUSkdaR3dsTWtablpXNWxjMmx6SlRKR2MyNXZkMTlpY205MGFHVnljeTVsZUdVPQ==

http://www.techmynd.com/games/.../snow_brothers.exe

http://cdn.games4windownloads.com/WVl6OTRQV3B2U1ZKaFNFUXpkaVV5UmlVeVFsQlVXVkV5T0VaelYzSmFTVzlSVVNVeVJqQldla1kyY21kWE5ITkdZbEVsTWtKTmR5VXpSQ1pqUFhob1ptZEdhMVZHYVU1M2FWTXpSRnB3UkV4S1JIQnZZbVYyVjFreVEzQkxkRFp2ZW1Ga1ZtdHNiVWR2Wm5GRFRVbEZWMnhRTjBOR1QybEdjamcwTlhGMFVuaGFWbmx6Y25oVE0zVTRka1JZTURWNk1GRnRUamRXTW5sVlZFbE9TWEJqSlRKR1FXSnFha3hvWm5KelZEaG5WbU5vWkV0a05USm9WbTlyZVV4dGIyOXNOMEZwVURKYWNVVkhNazVKUW1KVVMxVmtNRmRuSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBYTnViM2RmWW5KdmRHaGxjbk11WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR1oyRnRaV1poWW5KcGNYVmxMbU52YlNVeVJtUnNKVEpHWjJWdVpYTnBjeVV5Um5OdWIzZGZZbkp2ZEdobGNuTXVaWGhs

http://www.bestbundlesbulk.com/WVl6OTRQVkJYYm13bE1rWkdPRTFETVVKamJrTlRiMnRRTjFGT0pUSkNKVEpHVDFKV01IUkJOaVV5UW1GalluaFNjRzlJVlRWWVdTVXpSQ1pqUFU5RmNscG1aVEpWV1ZWa1drUlJibE01WVhaVlQxQTRaSFVsTWtZbE1rSlljRWcwU1dVMFRsVmlWbmh5V21sNE1WQkplbU5LVXpKTVYzUTJWbTB4UW5oT2RGSTVaelVsTWtKQ1VrVjFKVEpDWlV0aVNTVXlSa3h1SlRKQ2N6QTNXV3RYTVhaalZuRXlVMlUyYkdGdWMxTXdURFZ2VHpSYWR5VXlSbEJRWVdsd1psUkJSMFZWZFNVeVFtWjZVMkZNTVZKRGEweFVZamx6Y2xJMVJGVnJkakJMTUdaM09HY2xNMFFsTTBRbVpUMHdKbVJ2ZDI1c2IyRmtRWE05YzI1dmQxOWljbTkwYUdWeWN5NWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1puWVcxbFptRmljbWx4ZFdVdVkyOXRKVEpHWkd3bE1rWm5aVzVsYzJsekpUSkdjMjV2ZDE5aWNtOTBhR1Z5Y3k1bGVHVT0=

http://dm01.dmasti.pk/odl1/sx/.../snow_brothers.exe

http://www.bestbundlesbulk.com/c?x=j 8DAlqEvcyhj/KwpKAKJyxdj5go1ffG6EszyHfwgag=&c=DdMHKyiXe3TajvLQkcafLrbufDxUAfWNiO7kTMW9H7a8LRQZP6tObsbo92EA hPKnZItUSfw58f/JYIPAbDvLmISQPt2ZcEcjVrzmllkzOPIDZ5pBH5TN1 GzOj0YlMH8mIqyKFTcC Vq7kdQ006j DT5WD7aUakPg3p8Euqdr9DF2xoZ/dR1UU0B3Ae9tI/&e=0&downloadAs=snow_brothers.exe&fallback_url=http://gamefabrique.com/dl/.../snow_brothers.exe

http://www.repositorytodaypackage.com/WVl6OTRQVmhPVm10Q01XSjVZWEF6V1VkbVJrOWphbXRaY1ZSRmFIUmtUMGhvVVdob2VDVXlSbVp3WVRCTk9EVnZjeVV6UkNaalBXWjVlVU1sTWtJMFpESjZkM0ZQYzIxRGFFbHBVbVJWZFZwNE5tbEZTVFZvTlVWVWVVdHNabTVxZEdoV2RHSXlXVXAwV1dKM1NFTnBSa1p0ZEhsVk1reEdjMkpvY21aNk9VMVpOSGxtT0U5ak0wSWxNa1puTm0xVFdEVTNRakkyWlZKVVlraE5Wa3hWWTNsc2N6TTRVekkzYjFSRGVtaHBNR05KTUV0b1NtWlVRbUZDVmxscVVVVnZja3BTWjJVMFduWnpSbmhNUmtKWlpsRWxNMFFsTTBRbVpUMHdKbVJ2ZDI1c2IyRmtRWE05YzI1dmQxOWljbTkwYUdWeWN5NWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1puWVcxbFptRmljbWx4ZFdVdVkyOXRKVEpHWkd3bE1rWm5aVzVsYzJsekpUSkdjMjV2ZDE5aWNtOTBhR1Z5Y3k1bGVHVT0=

http://gamefabrique.com/dl/.../snow_brothers.exe

Remove snow_brothers.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.