vector_magic_keygen_downloader.exe

FairyTale Installer

CandyMandy LLC

The application vector_magic_keygen_downloader.exe by CandyMandy has been detected as a potentially unwanted program by 23 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from d.failsmail.com.

Publisher:
FairyTale Inc  (signed by CandyMandy LLC)

Product:
FairyTale Installer

Version:
1, 0, 616, 1

MD5:
cb5056a7893541d85c2ccddc556bbf1c

SHA-1:
253fbfa6c866b07a44435d0add4b9cebb7450dc8

SHA-256:
95badf59d8af73d74e620ba40ca655ea01232bde30ae815ec22a095d75cf4af5

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 9:31:22 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.586985 | 673 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2015.04.08 |
| Avira AntiVirus | APPL/Downloader.Gen8 | 3.6.1.96 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150402 |
| AVG | Downloader | 2016.0.3151 |
| Bitdefender | Gen:Variant.Kazy.586985 | 1.0.20.460 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.ExpressDown.ZMIL | 21627 |
| Dr.Web | Adware.Downware.11073, Adware.Downware.10690 | 9.0.1.092 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.586985 | 8.15.04.02.05 |
| ESET NOD32 | Win32/ExpressDownloader.J potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Kazy.586985 | 11.2015-02-04_5 |
| G Data | Gen:Variant.Kazy.586985 | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.203.15739 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 15.0.0.543 |
| MicroWorld eScan | Gen:Variant.Graftor.183147 | 16.0.0.276 |
| NANO AntiVirus | Riskware.Win32.Downware.dpydrs | 0.30.24.1357 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.02.05 |
| Reason Heuristics | PUP.Installer.CandyMandy | 15.4.11.23 |
| VIPRE Antivirus | Threat.4657539 | 39676 |
| Zillya! Antivirus | Downloader.Agent.Win32.242550 | 2.0.0.2129 |

File size:
3.4 MB (3,565,576 bytes)

Product version:
1.0.0.1

Copyright:
Copyright FairyTale Inc (C) 2014

Original file name:
FairyTale.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\vector_magic_keygen_downloader.exe

Digital Signature
Signed by:

Authority:
CandyMandy LLC

Valid from:
3/25/2015 6:18:45 AM

Valid to:
3/24/2016 6:18:45 AM

Subject:
CN=CandyMandy LLC, OU=CandyMandy LLC, O=CandyMandy LLC, S=London, C=UK

Issuer:
CN=CandyMandy LLC, C=UK, S=London, L=London, E=admin@candy.com, OU=CandyMandy LLC, O=CandyMandy LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/31/2015 8:19:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:u1jO0zYjcAf1qmS8tyLPeIo72pK8lCUVnDaa1i:n0zYAA9fttyg8wUVDaa1i

Entry address:
0x8BEA1

Entry point:
E8, 43, C6, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, CF, 4E, 00, E8, F9, E3, 00, 00, E8, 48, B2, 00, 00, 0F, B7, F0, 6A, 02, E8, D6, C5, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 98, 1A, 01, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.7849  (probably packed)

Code size:
794.5 KB (813,568 bytes)

The file vector_magic_keygen_downloader.exe has been seen being distributed by the following URL.
