ppjoysetup-0-8-4-6.exe

The executable ppjoysetup-0-8-4-6.exe has been detected as malware by 16 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program PhoenixRC by Runtime Games Ltd. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
9ad5e1af79a62e164124c22ca3c7b7b8

SHA-1:
1e8f831fcebeed49f23c30385754a816333919cb

SHA-256:
c38f1fcf1a2d5b1cea2d24d47afdc38ca6b27e12436b94d038e0859fa07fd2b0

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/28/2024 6:37:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.DL.Agent | 7.1.1 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.14713 |
| Clam AntiVirus | Win.Trojan.Downloader-2669 | 0.98/21411 |
| Comodo Security | UnclassifiedMalware | 18843 |
| McAfee | Artemis!9AD5E1AF79A6 | 5600.7070 |
| Norman | Smalldoor.QJTU | 11.20140713 |
| nProtect | Trojan-Downloader/W32.Agent.2178419 | 14.07.11.01 |
| Panda Antivirus | Generic Trojan | 14.07.13.11 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12629311!308450065 | 23.00.65.14711 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen | 10485 |
| Trend Micro House Call | TROJ_SPNR.0BJQ13 | 7.2.194 |
| Trend Micro | TROJ_SPNR.0BJQ13 | 10.465.13 |
| Vba32 AntiVirus | TrojanDownloader.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31174 |
| ViRobot | Trojan.Win32.A.Zbot.2178419 | 2011.4.7.4223 |

File size:
2.1 MB (2,178,419 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
6/6/2009 11:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:BBf6E2IcUJWvCSvyXUhQoBjON/F247ZdTJ8u:PT2fyXUC2jQ/g47F8u

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ppjoysetup-0-8-4-6.exe has been discovered within the following program.

PhoenixRC  by Runtime Games Ltd
Publisher's description - “Phoenix RC Flight Simulators are realistic flight sims that will teach you how to fly an RC airplane, without the expense of crashing the real thing while you learn. Phoenix is available in a version with a real RC transmitter, or in a version where you use your own transmitter.”
www.phoenix-sim.com
About 4% of users remove it
 

The file ppjoysetup-0-8-4-6.exe has been seen being distributed by the following 5 URLs.

https://fs13n2.sendspace.com/dl/f8ac02f1b85bf84fedcf16a2dbf89f3d/5857fb8a69978dad/.../ppjoysetup-0-8-4-6.exe

http://www.mrwonko.de/.../ppjoysetup-0-8-4-6.exe
