monopolyhnsetup.exe

SpinTop Media, Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from monopoly-here-and-now.ar.softonic.com and multiple other hosts.
Publisher:
SpinTop Media, Inc.  (signed and verified)

MD5:
e3dece6acb5b234c9feb822d08ec5288

SHA-1:
ec49f0acb1413e92ffc411505630fd1f0a68c403

SHA-256:
34859d38fe27d7f176d3d2544decc94661a54911cb77ca2e11651acff486bbf4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 1:54:19 AM UTC  (today)

Scan engine:
K7 AntiVirus

Detection:
Backdoor

Engine version:
13.182.12926

File size:
15 MB (15,713,304 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\monopolyhnsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/4/2007 7:00:00 PM

Valid to:
12/8/2009 6:59:59 PM

Subject:
CN="SpinTop Media, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="SpinTop Media, Inc.", S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
432687C7306C81A27D9C1B28C9CC77C1

File PE Metadata
Compilation timestamp:
2/17/2007 7:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:Iue6HqpIOzJjByxeE4frcz1NAeZpjkB0g3vwUzZbCSQ:06Ol0kbzcDPqBF344QX

Entry address:
0x354A

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 14, E0, 97, 40, 00, 33, F6, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 53, FF, 15, 80, 72, 40, 00, A3, 90, 5B, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 90, 04, 42, 00, FF, 15, 5C, 71, 40, 00, 68, D0, 97, 40, 00, 68, E0, 52, 42, 00, E8, 5C, 29, 00, 00, FF, 15, B4, 70, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, 4A, 29, 00, 00, 53, FF, 15, 0C, 71, 40, 00, 80, 3D, 00, B0, 42, 00, 22, A3, E0, 5A, 42, 00, 8B, C7, 75, 0A...

Entropy:
7.9984

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file monopolyhnsetup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 85 download URLs

Scan monopolyhnsetup.exe - Powered by Reason Core Security