vv4setup_1_00_01b.exe

The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from gsf-cf.softonic.com and multiple other hosts.

MD5:
38b8d27b54d590d85013acbc2f413b9f

SHA-1:
07ffe9efe5b3b6246293e95e5089a3d39e155364

SHA-256:
3e23a5353b78943bd094abbd89748ee6c0ef240af5ed0c8b49aeb7690adfe979

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 4:48:52 PM UTC

File size:
70.3 MB (73,683,495 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\vv4setup_1_00_01b.exe

File PE Metadata
Compilation timestamp:
10/20/2006 8:20:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:oEBz+fTSjbEIfFyJCjtvJk6qGDOTkU6Ee/+75C/YWjMRbZwRRRf15Vc31RSnaMr:oEYTSjblfFyYxvq6qGq4Ee/+72YWwyRl

Entry address:
0x3166

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 40, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, D0, F4, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 60, 98, 42, 00, FF, 15, 58, 71, 40, 00, 68, 30, 92, 40, 00, 68, 20, EC, 42, 00, E8, 23, 28, 00, 00, BB, 00, 64, 43, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 28, 92, 40, 00, 53, E8, 0E...
 

Entropy:
7.9994

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file vv4setup_1_00_01b.exe has been observed being distributed from 22 URLs.

