» subwaysurfers_game_downloader.exe
Overview
Analysis
File Details
Downloads (2)

subwaysurfers_game_downloader.exe

Tucokiragu

File Validated

This is the InstallMetrix bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application subwaysurfers_game_downloader.exe, “Tucokiragu Setup ” by File Validated has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallMetrix Software installer.

File name:

Publisher:

File Validated (signed and verified)

Product:

Tucokiragu

Description:

Tucokiragu Setup

Version:

5.6.5.6

MD5:

a1a132ca0b2d65e6b3f1d37e7772200d

SHA-1:

c5c019d6228f253cf6a0df0ffefed125ad86cb7e

SHA-256:

79390896cffdbefd7d6f37c8111a9f239ba659c1eddc84b176244a0e8bbba3d4

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

12/27/2024 6:35:33 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallMetrix (M)

16.8.10.9

File size:

933.5 KB (955,904 bytes)

Product version:

2.5.6

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallMetrix Software (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\subwaysurfers_game_downloader.exe

Digital Signature

Signed by:

File Validated

Authority:

GlobalSign nv-sa

Valid from:

2/2/2016 1:33:01 AM

Valid to:

2/2/2017 1:33:01 AM

Subject:

CN=File Validated, O=File Validated, L=San Francisco, S=CA, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112127B04ABA745F034A3BB2B235BBD0A1E4

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:8+QypRuT+ElDwQuxkwMopm9kMNp8PV0fslvcAb+Hy:8l1T+EldDBo8rNp8PV0fseAz

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9338

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file subwaysurfers_game_downloader.exe has been seen being distributed by the following 2 URLs.

http://www.vaultsconceptsapps.com/qfEp 9vcXoHbowI_3d0ze0LYIBzlalNmHjCeHQKb_aRSyoJxbMwokaMSDv6eAWRpT8fVd0afS4mMKxERtWoxJeBDEfnMQQzmozusDLnVjgF6Y7V1zWlbYM8nXrx YW2GEVw6I838VBkvo__mB81vKbxqlVXnGmAxAh9BVRyJYhiP9DVwoHfP9flfq6IV3BtwdJV D_3TVjgDcueK6MIdWHPW2QPhmVsiVq2yG0z6DogVtLrRIwTBSycUc8JkigSRcMIB_8t2UsNmLVX0gDOmFx5jYPFVigPh9kx5qofYTf_mJxuduBKv6L6RiTpOvIO2CUqJHLAahbUgvvaFL7IbNdGwYI_3nhvxh_xhip9PLDZau288fFfjx7bC8kouTz5sq8AqUSoH1kmsEAWj1e6_6jwgIEzo0wrItkmgEYpfHi3QkkIaq854G6Hl5a6bVCk4k4NT7yTOjEEpGI1CBDkfQ53EHXXxctkEOmVxUJDKdo3tQNeF0RBzwu1yBCknEpehoGzIDNqtbXgRj16tvysQLTf22jZst6doxk8cdiHu0amtrcPn jIQOBbRaTDMmDlMqfYEV1uONxy6r4eVfpNpHKN 0tbHpQKneGyBGaVmjjynMWH apk=-GyoAAMQuF5svWSAJxQko5rZ1IZLMopDGNg_Ejbt9TzoBxFoOet4HC6tFUQ8=

http://www.vaultsconceptsapps.com/kOjKtan9fZsy__aSn15bK6D9LWIZueyeLymC3Q xjuLQn0ZaMrurUkG9tomGIuFC5UpUuh1Pip1Y_0ZqwEGCosve3pgGAAsU10WiE2uWKCRsVBfdufx AOgXk3VfTq1FYPvK7v9YrWVTuyMbaM9edv39e_rmYF rcgxLc KbZpFOzrK1wlV4Xf5mye6rcSnbdWB2MYPIaGjlxoRfiS_V2p6dpLzTPNQFkaCr1lQOCFjMun0McodU0hEiKqkdizUC325qLMV8jeJFMeDT_POk2dpzyeX4wLOCQogAIPO1NJU1wfGC6FIs8AIAvTsVJPXNOs0Ozvxn55VIpBaoGf8QOiV6Th6oDegoDRDmjJYbm1V8f_10MlqBIt2ldhSuXFh5RCUWJUZH0iuGLgIc1jRyGS8c_TlrJaFIYM_lYEXQBP_tjsmcpodilTG6YspyKrdz57WM4VGIrNBQYD6Uadsy5ddpcTEWQmh10HzYEhyLiqA9EXvM3FTM BRVlmCaeIdBWPPqCZCCggNY1UfJ3zQWaVxo9TB3HsiY9Rb12NoPpIfinaXHIyPQJpGbd5WZ1B4vXN8tjoX USLtcOSNiMqOYiOXiOv_CnYsLVj31Ac9DoeDGq769c=-GyoAAMQuF5svWSAJxQko5rZ1IZLMopDGNg_Ejbt9TzoBxFoOet4HC6tFUQ8=

Remove subwaysurfers_game_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.