trivialpursuitdownload.exe

GameInst Application

Zylom Media Group B.V.

The application trivialpursuitdownload.exe, “GameInst Application” by Zylom Media Group B.V., has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Zylom Media Group B.V.  (signed and verified)

Product:
GameInst Application

Description:
GameInst Application

Version:
1, 0, 0, 1

MD5:
11771a34d0ba1436ae88a265ad5485b4

SHA-1:
0ea499ecb0f295277799dfbcedd44c17ac72ef77

SHA-256:
ccdfd1b950dd5f975dc09640eecd97761a289452f4fd93d638e0fa293d90904c

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:12:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | infected with Trojan.DownLoad3.21432 | 9.0.1.05190 |
| IKARUS anti.virus | Trojan-Downloader.Agent | t3scan.1.8.9.0 |
| Malwarebytes | PUP.Downloader.ZYL | v2015.05.20.01 |
| McAfee | Artemis!11771A34D0BA | 5600.6759 |
| Norman | ZylomAds.A | 11.20150520 |

File size:
11.1 MB (11,658,736 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2004

Original file name:
GameInst.exe

File type:
Executable application (Win32 EXE)

Language:
Dutch (Netherlands)

Common path:
C:\users\{user}\downloads\trivialpursuitdownload.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/28/2006 9:00:00 PM

Valid to:
5/20/2009 8:59:59 PM

Subject:
CN=Zylom Media Group B.V., OU=Zylom Games, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zylom Media Group B.V., L=Eindhoven, S=Noord-Brabant, C=NL

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5A6BA5D0C714EF1EE3D97BEA521A3221

File PE Metadata
Compilation timestamp:
5/1/2007 11:03:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
196608:ofb6s7mNZno+DQuJG6Qg+d955IVC1wbksF7sZ79DxVXvss6DHl:CK5jDQuU6O55ICZ7txVXvs7

Entry address:
0x2BCAF

Entry point:
6A, 60, 68, 20, 33, 44, 00, E8, B5, D0, FF, FF, BF, 94, 00, 00, 00, 8B, C7, E8, 09, D2, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 50, C2, 43, 00, 8B, 4E, 10, 89, 0D, 84, 69, 54, 00, 8B, 46, 04, A3, 90, 69, 54, 00, 8B, 56, 08, 89, 15, 94, 69, 54, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 88, 69, 54, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 88, 69, 54, 00, C1, E0, 08, 03, C2, A3, 8C, 69, 54, 00, 33, F6, 56, 8B, 3D, F0, C0, 43, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
236 KB (241,664 bytes)

The file trivialpursuitdownload.exe has been seen being distributed by the following 36 URLs.

