thelastofus_game_downloader.exe

Sofef

File Validated

This is the InstallMetrix bundle installer, which packages applications together with offers for additional third-party software, mostly unwanted adware, and may install them with minimal consent. The application thelastofus_game_downloader.exe ("Sofef Setup" by File Validated) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the InstallMetrix Software installer; the setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.

Publisher:
File Validated (signed and verified)

Product:
Sofef

Description:
Sofef Setup

MD5:
01b1eca72c87c3d03315e542b7f8636b

SHA-1:
e4019c1aef41d268a62ec2105d5ce7ff9d109cb4

SHA-256:
465977aeba2155becfedefd706d627990d370a0408503475299de61c143f9ef3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 7:46:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.13.21

File size:
1.6 MB (1,638,416 bytes)

Product version:
2.0.1

Copyright:
Software Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallMetrix Software (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\thelastofus_game_downloader.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/2/2016 2:33:01 AM

Valid to:
2/2/2017 2:33:01 AM

Subject:
CN=File Validated, O=File Validated, L=San Francisco, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112127B04ABA745F034A3BB2B235BBD0A1E4

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9906

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file thelastofus_game_downloader.exe has been seen being distributed from the domain www.downloadconceptscurrent.com.

Remove thelastofus_game_downloader.exe - Powered by Reason Core Security