the_sims_3_lunar_lakes_crack_no_cd.zip_downloader_205b.exe

The application the_sims_3_lunar_lakes_crack_no_cd.zip_downloader_205b.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. It uses the ExpressFiles installer to bundle additional adware offers such as toolbars and web browser addons. The file has been seen being downloaded from cntb.express-files.com.
MD5:
402fb2e75d93fb98b62c08fd3726f32c

SHA-1:
030378d8dff9a98ce57885bff09f8a3fad14013a

SHA-256:
fc258ef9245403b723e2b8864d04f9be29bbfd78ba632a21c61c6b0b1b948058

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:10:02 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Bbylon
4.0.3.15418

ESET NOD32
Win32/ExpressFiles potentially unwanted application
7.0.302.0

Trend Micro House Call
Suspicious_GEN.F47V0108
7.2.108

VIPRE Antivirus
ExpressFiles Installer
36480

File size:
1.1 MB (1,126,661 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\the_sims_3_lunar_lakes_crack_no_cd.zip_downloader_205b.exe

File PE Metadata
Compilation timestamp:
6/26/2012 1:55:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:B5mh3QoTTUoublS0Fv1Gi9rAhBovzgs21wlGhS264+fVT+d:BEh3dTmvFvwi9KoLq1uGhSI+fw

Entry address:
0xAB41

Entry point:
E8, C0, 55, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A0, 66, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DE, 48, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, C0, AC, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 
[+]

Code size:
95 KB (97,280 bytes)

The file the_sims_3_lunar_lakes_crack_no_cd.zip_downloader_205b.exe has been seen being distributed by the following URL.