» burnout_paradise_the_ultimate_box_multi12prophet_oyun.exe
Overview
Analysis
File Details
Downloads (2)

burnout_paradise_the_ultimate_box_multi12prophet_oyun.exe

Setup

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application burnout_paradise_the_ultimate_box_multi12prophet_oyun.exe by Dey yazilim ve internet hizmetleri san. tic. ltd. sti has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from app.popitv.com and multiple other hosts.

File name:

Publisher:

Popi TV (signed by Dey yazilim ve internet hizmetleri san. tic. ltd. sti.)

Product:

Setup

Description:

SetupPopi

Version:

1.0.0.0

MD5:

7d1cf63f080a8dd0fe872a1084d47e66

SHA-1:

c610d299c4bbb3b5573c0469111f7dcb3c8cadbc

SHA-256:

a1be26854e05025ee67c0e2eeabe801eebad7c63e4a7c8f404816d0c58b3ca84

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/7/2024 9:30:52 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.Amonitize

15.2.14.11

File size:

535.7 KB (548,568 bytes)

Product version:

1.0.0.0

Trademarks:

Popi TV

Original file name:

SetupPopi.exe

File type:

Executable application (Win64 EXE)

Language:

Turkish (Turkey)

Common path:

C:\users\{user}\downloads\burnout_paradise_the_ultimate_box_multi12prophet_oyun.exe

Digital Signature

Signed by:

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

Subject:

CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Serial number:

00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

12288:og3hO+I6f7b/G1sGdUmx/bwnwccYnof7BgieoPIg3hO+C6f7bPM:oQPP/G2mWnwccYnc1XeogQdPPM

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

The file burnout_paradise_the_ultimate_box_multi12prophet_oyun.exe has been seen being distributed by the following 2 URLs.

http://app.popitv.com/downloader.aspx?filename=battlefield_1942nin_oncelikle_co&s=0

http://app.popitv.com/downloader.aspx?filename=transformers_the_game_oyun&s=0

Remove burnout_paradise_the_ultimate_box_multi12prophet_oyun.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.