» stuntplane v100.exe
Overview
Analysis
File Details
Downloads (7)

stuntplane v100.exe

3DRad.com

The program is a setup application that uses the Inno Setup installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.gamegratis33.com and multiple other hosts.

File name:

stuntplane v100.exe

Publisher:

3DRad.com

Description:

StuntPlane v100 Setup

MD5:

9e5d7734970845a4909c62802331984b

SHA-1:

18db8fed6a34e1fe9a04aea567837d9c8c1c10f4

SHA-256:

a27fb5bec54d6931c337f386f40cc33a3609cc73a00dde0c5abe52d11c7ae384

Scanner detections:

4 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/27/2024 5:30:55 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Downloader.Generic10

2015.0.3352

Bkav FE

W32.Clod693.Trojan

1.3.0.4959

Comodo Security

TrojWare.Win32.TrojanDropper.VB.sx

18984

NANO AntiVirus

Trojan.Win32.Refroso.tvfpt

0.28.2.60990

File size:

12.7 MB (13,265,526 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:82I28jAEeN8ELyD63VwyVxri/522P2jdjE:dI2mCzyD42Crih72jy

Entry address:

0x98D8

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, EE, 97, FF, FF, E8, F5, A9, FF, FF, E8, 20, CC, FF, FF, E8, 67, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 82, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 38, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 9F, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file stuntplane v100.exe has been seen being distributed by the following 7 URLs.

http://www.gamegratis33.com/take_out.php/7eda63f34193955f62c87a5096a551d9/526938596949326a316d6f694b562f5873692f7a4f732e3258382e764b372e307759/.../StuntPlane_v100.exe

http://www.gamegratis33.com/take_out.php/a7e8cf63b0d2f9256b16612f68752552/5269385969477968306d706b4c472f5873692f33562e79792e59412e3748/.../StuntPlane_v100.exe

http://www.gamegratis33.com/take_out.php/c315e24b2f44d2e71fb10a4621928b5f/526938596a4c796830796d6a4d472f5873692f33562e6f712e5945772e473035/.../StuntPlane_v100.exe

http://www.gamegratis33.com/take_out.php/fcc5eeb42ff6f9c7a1e9baeaafa059e1/526938596a4c796c30706f6c48552f5873692f33562e797a2e5a452e774736/.../StuntPlane_v100.exe

http://files.downloadnow.com/s/software/11/10/07/.../StuntPlane v100.exe

http://www.gamegratis33.com/take_out.php/3151523f3e3bdb19e14804d41ee58888/526938596a4b796b306f706c4b502f5873692f71562e7a782e65342e774835/.../StuntPlane_v100.exe

http://www.3drad.com/.../StuntPlane v100.exe

Scan stuntplane v100.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.