» bejeweled2setup-en.exe
Overview
Analysis
File Details
Programs (1)
Downloads (6)

bejeweled2setup-en.exe

PopCap Games

This is a setup program which is used to install the application. The file has been seen being downloaded from baixar.freedownloadmanager.org and multiple other hosts.

File name:

Publisher:

PopCap Games (signed and verified)

MD5:

764d8174025ed275a4889f289311a0a4

SHA-1:

69a66e2fc391ba6baaf7927018a1bdd168046120

SHA-256:

4d2ac59bc41f2e7e3509360b52caf0e906333c227592a285f79710b245eef697

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 2:46:28 AM UTC (today)

File size:

12 MB (12,593,800 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\bejeweled2setup-en.exe

Digital Signature

Signed by:

PopCap Games

Authority:

VeriSign, Inc.

Valid from:

8/31/2006 9:00:00 PM

Valid to:

9/21/2009 8:59:59 PM

Subject:

CN=PopCap Games, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PopCap Games, L=Seattle, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3C61DF38D5BB3836A8B44B985C504479

File PE Metadata

Compilation timestamp:

11/7/2008 8:29:36 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

393216:8VoRFlPV9q0/WMOWckwZrHBeW52u31XBHkys:nJPLD/zLc5dP31RHkZ

Entry address:

0x3241B

Entry point:

E8, 24, A2, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 88, B0, 45, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, A6, 7F, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, A4, 25, 43, 00, 90, 8B, C7, BA, 03, 00, 00, 00... 
[+]

Code size:

284 KB (290,816 bytes)

The file bejeweled2setup-en.exe has been discovered within the following program.

SnapPea by Wandou Labs

The software currently distributes the app through the OpenCandy monetization platform which is known to distribute adware.

snappea.com

25% remove it

The file bejeweled2setup-en.exe has been seen being distributed by the following 6 URLs.

http://baixar.freedownloadmanager.org/Windows-PC/.../GRATUITO-1.1.3.2523.html?acf034

http://data2.mujsoubor.cz/downloadFile.php?n=YmVqZXdlbGVkLTJfRGVsdXhlLmV4ZQ==&s=rl05gigjujv32sof13egfamk30&r=c2ebb1ccb74bf64043d4f738359a280f

http://dl-vip.appstore.baidu.co.th/.../Bejeweled2_1.1.3.2523.exe

http://downloads.popcap.com/www/.../Bejeweled2Setup-en.exe

http://downloads.popcap.com/download/bejeweled2/pc/.../latest

http://static-www.ec.popcap.com/binaries/.../Bejeweled2Setup-en.exe

Scan bejeweled2setup-en.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.