super_mario_bros.exe

Internet software

Program Web

The application super_mario_bros.exe, “Internet software Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.bodyvaultsrepository.com.
Publisher:
Program Web

Product:
Internet software

Description:
Internet software Setup

Version:
5.3.2.4

MD5:
12eef23775f3bf8861646bdc6b1212c2

SHA-1:
0f964648990f097f1e169cd42ce1623c31ddc099

SHA-256:
68a8dc39d774aee3dc2a5d26ba3ebafeba11a0a13508fdaac3ed9182e963516d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 1:33:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.2.1.9

File size:
977 KB (1,000,408 bytes)

Product version:
1.2

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\super_mario_bros.exe

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:F3K7ejdUDFt+06XHa37xSAYwg5XsRmhc3N/cIyEBDgRyUD:F3mCdUht+06XaF50zq/xBcD

Entry address:
0xA5F8

Entry point:
81, CA, 18, 25, 7D, E8, 68, 4C, 7D, 66, 00, 55, 80, D3, C4, 34, B1, 0A, F4, 81, F1, 61, E5, 00, 00, 81, FA, C4, C7, 00, 00, 70, 0C, C7, C5, 5B, 27, DF, A5, F7, C3, 47, 43, 57, 9E, 0F, BE, FD, 0F, CF, 8B, F3, B9, F9, 88, F1, FF, 81, FE, 01, A9, 00, 00, 77, 0D, F6, D0, F6, D3, 8D, 05, 5B, 26, FD, 22, 0F, AF, E8, 81, F1, 9E, CB, 00, 00, B0, 09, 81, C1, 99, BC, 0E, 00, 80, FB, 56, 88, EB, 81, C1, 37, F4, FF, FF, 81, FB, 52, 28, 00, 00, 74, 06, 69, DB, 17, 2F, 98, 9E, 81, C1, CA, 0B, 00, 00, C6, C3, AF, 4E, 70...
 

Entropy:
7.9377  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file super_mario_bros.exe has been seen being distributed by the following URL.
