» osu!.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (2)
Downloads (5)

osu!.exe

osu!

Dean Herbert

It runs as a scheduled task under the Windows Task Scheduler. This is the uninstaller utility registered in the Windows Control Panel for the program osu! by ppy Pty Ltd. The file has been seen being downloaded from cdn.portalprogramas-download.com and multiple other hosts.

File name:

osu!.exe

Publisher:

ppy (signed by Dean Herbert)

Product:

osu!

Version:

1.3.3.7

MD5:

a7168fcc7381f8997b9e24b87ab99078

SHA-1:

a71ced1b1f8909337e6f2739db48a894f0523cea

SHA-256:

7f6dae74501bc401d03064ace62ebbd9418839ba121cbad209cf8f2c8ce038fc

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/5/2024 7:26:10 AM UTC (today)

File size:

3.1 MB (3,262,024 bytes)

Product version:

1.3.3.7

ppy 2007-2015

Original file name:

osu!.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\osu!\osu!.exe

Digital Signature

Signed by:

Dean Herbert

Authority:

COMODO CA Limited

Valid from:

9/27/2012 8:00:00 PM

Valid to:

9/28/2015 7:59:59 PM

Subject:

CN=Dean Herbert, O=Dean Herbert, STREET=41 Gregory Street, STREET=Wembley, L=Perth, S=WA, PostalCode=6014, C=AU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FD15503D4AF404C84200F5CCC3C99380

File PE Metadata

Compilation timestamp:

4/14/2015 5:58:56 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:WMRxpYbh4WuSODARifEeO4BspMoXfXenBYSE/EmFOASQSCK4X5VpZ8:WMRxpYbh45FzfUeKZPXehE8h6Swo

Entry address:

0x1EFBC2

Entry point:

FF, 25, B2, FB, 5E, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, 25, B6, 02, 00, 7B, 7A, 7D, 01, 00, 86, 03, 00, 15, B6, 02, 00, 00, 86, 03, 00, EC, BD, 09, 9C, 25, 55, 79, 28, DE, 03, AE, 2C, 6A, 08, 46, 04, 5E, AC, C6, 60, 77, 4B, EF, B3, D2, 52, 0C, B7, B7, 99, 86, DE, EC, EE, 99, 11, 18, 68, EB, DE, 5B, B7, BB, E8, 7B, AB, 2E, 55, 75, A7, E7, 82, 88, 71, 81, E7, 82, 4B, 5C, 1E, C6, 3D, 1A, A3, A2, 31, 2A, 2A, 51, A3, 46, 88, FA, 8C, BB, 89... 
[+]

Entropy:

6.3951

Code size:

2.9 MB (3,057,664 bytes)

Program Uninstaller

Program name:

osu!

Display publisher:

ppy Pty Ltd

Display version:

latest

Uninstall string:

C:\users\{user}\appdata\local\osu!\osu!.exe -uninstall

Scheduled Task

Task name:

{DA08B360-AF46-4FD7-84F7-08AA27AD7890}

Trigger:

Registration (Runs on registration)

The file osu!.exe has been discovered within the following programs.

DEVIL MAY CRY 4 TRIAL by CAPCOM

www.capcom.com

10% remove it

osu! by peppy

osu.ppy.sh

About 1% of users remove it

The file osu!.exe has been seen being distributed by the following 5 URLs.

http://cdn.portalprogramas-download.com/d/.../Osu

http://m2.ppy.sh/.../osu!install.exe

http://download2.getuploader.com/g/565bb9a1-93f8-4b83-8858-1681b63022d0/AliceSkin/.../osu!.exe

http://m1.ppy.sh/.../osu!install.exe

Scan osu!.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.