» minion rush setup%ch_52ce2cd96c657630891331_.exe
Overview
Analysis
File Details
Downloads (2)

minion rush setup%ch_52ce2cd96c657630891331_.exe

3DIB Technologies

The application minion rush setup%ch_52ce2cd96c657630891331_.exe by 3DIB Technologies has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile. The file has been seen being downloaded from gfg4.info and multiple other hosts.

File name:

Publisher:

3DIB Technologies (signed and verified)

MD5:

6d450ce24ecd5a99d9f1250c56037ab7

SHA-1:

e59d96f4412571f2aad150039aa8102655706c13

SHA-256:

90380170ff57748e500f508ec0badbd56a3435bc461c47bac1d48da55a3b6194

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

4/25/2024 12:27:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.3DIBTechnologies.m

15.1.4.13

Trend Micro House Call

TROJ_GEN.F47V0108

7.2.158

VIPRE Antivirus

Marketscore.RelevantKnowledge

25370

File size:

551.2 KB (564,424 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\minion rush setup%ch_52ce2cd96c657630891331_.exe

Digital Signature

Signed by:

3DIB Technologies

Authority:

Thawte, Inc.

Valid from:

2/15/2012 6:00:00 PM

Valid to:

1/15/2014 5:59:59 PM

Subject:

CN=3DIB Technologies, O=3DIB Technologies, L=New York, S=New York, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6626F59AF881210EC8B4868BBC3B6480

File PE Metadata

Compilation timestamp:

12/5/2009 4:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:45JXQu0q/+i24SW8UzJYmduTczYSwBoCMzJCVRJ4YLQu:4Mqa4hJcggMFCB4Yb

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9479

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file minion rush setup%ch_52ce2cd96c657630891331_.exe has been seen being distributed by the following 2 URLs.

http://gfg4.info/.../download?id=525ed14b76e33&cid=52ce2cd96c657630891331

http://getfungame.co/product/r/.../minion-rush-flash-game?direct=1

Remove minion rush setup%ch_52ce2cd96c657630891331_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.