Groove Monsters Mod Installer.exe

Installer

Product:
Installer

Description:
Skydaz Installer

Version:
1.0.0.0

MD5:
bd6c5faf6c4f293cd40754de0dcf37a6

SHA-1:
0b5226b47e8fb207be84e6934397f3d1ce497d3f

SHA-256:
7d1677ac0e58b4b1ed0231b189333733ea4e98ce9c74710868bed97997c26148

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
4/24/2024 2:44:50 PM UTC

Scan engine: AegisLab AV Signature
Detection: Troj.MSIL.Agent
Engine version: 2.1.4+

Scan engine: Trend Micro House Call
Detection: TROJ_GEN.F47V0902
Engine version: 7.2.348

File size:
1.1 MB (1,140,736 bytes)

Product version:
1.0.0.0

Original file name:
Groove Monsters Mod Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\groove monsters mod installer.exe

File PE Metadata
Compilation timestamp:
5/17/2012 10:12:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:WLVrkhqI1xaCFnhLT5xJ+XXTUoCNLVrkhqI1xaCFnhLT5Y:WC1JxJ+XXTUFNC1J

Entry address:
0xAD7CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 16, B0, B5, 4F, 00, 00, 00, 00, 02, 00, 00, 00, BA, 00, 00, 00, 1C, E0, 0A, 00, 1C, BC, 0A, 00, 52, 53, 44, 53, A8, 43, FB, 2C, FE, 6C, E0, 40, 91, 61, 04, 64, 7D, E8, 18, C1, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 4E, 65, 64, 7A, 61, 64, 5C, 64, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C...
 

Entropy:
5.7189

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
686 KB (702,464 bytes)

The file Groove Monsters Mod Installer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):

Scan Groove Monsters Mod Installer.exe - Powered by Reason Core Security