winrar downloader - jalantikus.exe

Application Internet Lite

PT MP Games

The application winrar downloader - jalantikus.exe, “Application Internet Lite Setup” by PT MP Games, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.towncurrentcycle.com and multiple other hosts.
Publisher:
Lite Program (signed by PT MP Games)

Product:
Application Internet Lite

Description:
Application Internet Lite Setup

MD5:
687e123d9b5a97d269bd3e8ee7dd263d

SHA-1:
21cb19b3d3c58f05e3fd15e08e3d010aac7e97db

SHA-256:
f9fffbbcda1fde114f7d323e9e8a43e48483fc5b6426b8a0e56b7dc868d519d7

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/30/2024 10:28:07 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Ramnit.C | 7.11.30.172
ESET NOD32 | Win32/InstallCore.AFF.gen potentially unwanted application | 7.0.302.0
Reason Heuristics | PUP.installCore.PTMPGames.Installer (M) | 16.2.6.0

File size:
1.1 MB (1,141,224 bytes)

Product version:
2.4

Copyright:
program

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winrar downloader - jalantikus.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/20/2016 5:49:25 PM

Valid to:
1/20/2017 5:49:25 PM

Subject:
CN=PT MP Games, O=PT MP Games, S=Jakarta, C=ID

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112196D38C2D01B48C24B0EE5080C33055F9

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:rSiP7OBJnBxNCgm4eXf5unZtUMypKEM2CnHohxy7yW:rnP7AVDrPdZhyFCnHYtW

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file winrar downloader - jalantikus.exe has been seen being distributed by the following 3 URLs.

temp:WinRAR Downloader - JalanTikus.exe
