god-of-war-windows-theme-1-0-en-win.exe

God Of War Windows Theme

WinThemePack.com

The application god-of-war-windows-theme-1-0-en-win.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts. While running, it connects to the Internet address static.5-9-51-208.clients.your-server.de on port 80 using the HTTP protocol.

Publisher:
WinThemePack.com

Product:
God Of War Windows Theme

Version:
1.0.0.0

MD5:
de5a51a75f0497224547967f579a8164

SHA-1:
fa2b8ab31113fa784fbadd64cd4e44389ff8228a

SHA-256:
f4438281645452fef0937098da5b6ccd856707777e1b89deae083b6dca4a39dc

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/26/2024 12:59:24 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Babylon
7.1.1

avast!
NSIS:Adware-NG [PUP]
2014.9-151203

AVG
Toolbar
2016.0.2906

Dr.Web
Adware.Babylon.15
9.0.1.0337

ESET NOD32
Win32/Toolbar.Babylon potentially unwanted
9.11530

Fortinet FortiGate
Adware/Toolbar
12/3/2015

G Data
Win32.Adware.Conduit
15.12.25

IKARUS anti.virus
AdWare.Toolbar
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.203.15707

Kaspersky
not-a-virus:WebToolbar.Win32.Conduit
14.0.0.1026

Malwarebytes
v2015.12.03.07

NANO AntiVirus
Riskware.Win32.Babylon.dagvqx
0.30.20.1219

Trend Micro House Call
TROJ_GEN.R021B01CA15
7.2.337

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Conduit
39658

ViRobot
Trojan.Win32.A.Inject.25735444[h]
2014.3.20.0

File size:
24.5 MB (25,735,444 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (c) 2013 WinThemePack.com

Trademarks:
Copyright (c) 2013 WinThemePack.com

Original file name:
God Of War Windows Theme.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\god-of-war-windows-theme-1-0-en-win.exe

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:tHiZtvXyMlfVwYTZrO2jVt8Jfw36fa3Ebt8U9b:hiZEMlfVwYZJYfwKfaUuU9b

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9905

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file god-of-war-windows-theme-1-0-en-win.exe has been seen being distributed by the following 15 URLs.

https://dw.uptodown.com/dwn/DLTWSWfYdzdvkLI5bR6clt_gL08MuFMtqjqza33idGzd997Ul22EWxR9-L_aH-Bj52HZPXQG40urr3it4H_i71XjWmI42ItqvVwPmTj4az_WrLU4TJVYyg4D119jTozG/GcwMNmKcMXKHBEFrnfqX7JNX0wA93RGzp820jK-E6Hb_Pp5Md0Pj0YNVpoXEAOxP8N-zrJoDWlQz--IHS5QqfH1xd7O-ZbD0wIh3IrhXAbjXRHZ-pMSpiF6yOS6Wq9Qs/DKPj60X66D5-7kVOC2xqjWAr5DOqQFxlqhU__5UtCW9dkgltkfogKjrZF223DhqQJ1v6mAcSx2VXBhgVF8CTnahvCIxSNxwdOLYJcLKAksrLca835D7zfYemsQGTpRbT/.../

http://dw.uptodown.com/dwn/XeXmECdNXoG4veUFPv870YvkXLVpylWIopsqHSy5Ueq5Q6jcE-8fzwUTfvs8AEUzxP-NOsC9I0hkreDtPBscDMWiQHCxNusGLYnNXPZroUkC0rquQFkPBhBElh0HaXxk/PdP6CfWfB6EVhM5Z2ZebDjwBJyW7D_QmJiOv0i6CpXcRwvXTRUQ2FS-K2nHyongkgjqY_2Ctn4CFfx7wMjTJCSxVMpqL6Xb0tLMkiew1IxMQB5_wHIjyIDxinF4ykX86/03PRupwgH2dbKzABKhXh6LZw18YWQia6_lsjOYxr-HVh3ktjd5thALVJ4okKLAdowuY-7DeMru_0I6RFyb9BeNof2nQhfmh0uZ7xyv4OvfzhIeKDcntwIK_p_BeG9WRl/.../

http://dw.uptodown.com/dwn/t7DY1NdMAEgcM2o9LmfMp8RgRW_yPLsWMUg42LIxbokx0tqUywoIkHATRrvGRg4tGrgB3WsTlEVTiAkVULSo27Tq4G-l_CoTDll7iDwPMzZVqakmYRYHF6IrrWdTUZax/20pMAVZL-FIoMXkUKr4x4jDxpRxH_aigvg9n13QQC6HYf1KXkRGb3bKDO6KHrRlqEGDyXIzstp8BQtvcuMDHZoHKCkHJ6ALb0ETT0x6UQtEQQKSQSrMLC2tDx3aCaMVe/5yCIVReXe1MphDKIWsUIxBiI8GRZoCy4FMBqDEv4I7ga3UljEJzwI4S87GSzSOwaoWdnUb_he-J_hKNDeqLVYJ3O53fA3lwjOgSIFOF6zQ3i232DOMXDS9vFjrBgf2yu/.../

http://dw.uptodown.com/dwn/dmJZ0PllOz732jv-TXf6OxBMZti2oU-ny9XN47fjVT-FEYMKUdSVZvqTlKLiFhIZ2NesWw2b6iD_SngGmtlA4r3gnhCJei45GCdKIS7noWS_mNWYG-GRoSLmdd_P-Ywi/ma8ROkbnfFhNTGMhGviDnijzUV0CzeFnk2kl7C-6b5SNLsqh1fxMeWhKhUy2njn1MvXdvM7U6d5QjDJK3096JGN-lP-qc3DiHB8-ka5eKw2RhubwqMYOaLjqsWDPNM-8/HnW1LWJTNxAsQNPqF5rzWtC3NAUQLNH1vRGaQ5XfBG86GWtyRtPvQwTHRv_t-3C6M4JsB3-O9ti7U-lci8t-KG6ZQODS6rwBHDQvcztcf1puTy7Blxx6zwWexR6h6qDs/.../

https://dw.uptodown.com/dwn/vlv9pBNI8LdKdvkW96fWNOOvQeu2z4rDlsj6H0WFfwoks6QkbA6fEvUFH8cwe03eIdj_nOBuPucOhs3sFcYWoPMcGLVo7rdtbr0x2MNJAA99Iql2riRrJvMtAfUbqRCk/rLr9o69su4HTyfOgYpQQBWuhcnmjv2H-le0n9g_NF1Nqtlmd4Lyi5oNObcgb8LzmzqRIrfLqFsaAR8O4qsrVCSvoZnigOsq78mCpvLI67W-XZncEAr6fihl96OzRIAhB/pr050JKX98cRmqDqdl8cXytT82svyD73N0jttSVe3EHpbEIxZHlMSwdy1B4CkIz53amAvS3TDQeXANiemXTbbBvzRf0DmmSXywdjIqZ4pzYjsJTwrHpScPffXpAMsNpV/.../

http://dw.uptodown.com/dwn/eMwwhcxzxtrKpfwAL2YkSlBbIFU3mWwfAat1_CRoVlpPKHCblQGd3LhMbWxF-x7QcvHujq33UlZR-qLyS8_EhPwf9LeAT3-GPGlLTphYq-hr00cSTqXT4ZxnkB_crVu-/FlNy866owzTIjGPyixzJcrjyMLWFO64QCycN2BtU9tAXPSNXyJG1BxJM5VUI32zyHMLgt4wainOZPJRgzYl4VGi8kIxpcp5yLZpiCyk2lBsx5rOj39Fzt5T5Up4Yo9RY/rzHAblKDKAotvowu16FeXvg7fNO2Ykt1kcCucHPIjTKkK-PUnqVZhGCT0b6xzzke2Il9FZosde2zuT0X30l4NXcaOdESNVKNsXL66D7olMcfBqLcgaOrp_zG1_4FWBBj/.../

http://dw.uptodown.com/dwn/2S5kaVolAnDQw8c96qej5IQBPHjolTCKVgWSxCXatbonj-TeghY7NYGaKaqWvE7ECjG-nSNyGCD5mvCaSCi1rt0RDUkz0xe_nOxatf4ZyHQX-Ci_AHEMILwhBOBu0aPD/Cdl8h1ZYLRpligoXvqheG_CGFQiD-BeU3sgx-6X8ikoC2us2TKAOTj_Em86sC01ZyI2fRPb_0nmQUMO_pZhPBZxjWpgqTOztaaxLUsIKXJ5H0eRuhTK6fvWLCTD2Tl9y/uzmsx3gVC_aONVIJ-buPMqwr3ceNJWDKQZnK4n-C4X2Zsc8_DGEjH_FJYLWXdDzhlGlhtHMixewYT5bZRpSxZTGeCQdJKJEcxIhYG5miwrCQtyoMfeiEJjCs9iQqzGEw/.../

http://dw.uptodown.com/dwn/TsYY4nYPiXMvFI_d3UkoSy2OrgR2_8sHtn_lxFzDZum6GKK-x2wSMge_pVxPN4CqJboBIqg0nk2ZHcHmmSuJEX8W2Y3pKK4wcFaoFN1sHyCBitpl0FvYH5JMCRr2ralL/BNCzeNBxTH_evGKTvckjCjQzXeiRxfqwyX3y2YHmvQnEXp2Q50N66z4KqG_eo8vEfuPCn9ZlmayOxJF64yZ8MA6vXJAMFEP8_Ne8I48A8ntRGPJjwKn5TL86zofMPqK9/eH670oVm3Ob7XQ2GiJull7NqPZf45Y0gil5vnK7N192GeKfwlr-QbkRjvhKL2S1q7cBggW0zTk0gH-LnS93eLUQMzsz4PPVGmgacoVHLHZYi0A-CAAN33ND3osVDBwmd/.../

http://dw14.uptodown.com/dwn/kg82givph2qWqY_vJ9XeNafN6FrVG_DisuPoytwscB1BYzXI4knR0VLuRqAkWwQnDF4zpSEV_E5Df_Z7GgxEBDDEPFh9FkNLmBkpAq3Ehyju9zPMEYjM3a4vrfCMf-gv/-_S1zsOa2c08tYJM0EoRsmSNGwBEYps-ybzUrtcj1AQKpn8KK5uqEM9u_TPZ0LuR6iQDmHXUZkGFb1_2vAMuWCRa2_RutFSymbuh2Fo6sMFhC5lUGqqv0SmwqnplbNSu/PxsNSetcCcuIX8FZG2P7wbEsJoSlJFYXHP8lzgVMxpyzdAsm3p7hscr-7AwzvAPWrgCBRx2p_DS9RhIn3RPWAKeG9I2Y_LqAf6sZaMah8vZBfyVz-aOxZajXTxPgwBxW/.../god-of-war-windows-theme-1-0-en-win.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.5-9-51-208.clients.your-server.de (5.9.51.208:80)

Remove god-of-war-windows-theme-1-0-en-win.exe - Powered by Reason Core Security