ps3_emulator_v.9.0.rar.exe

Installer

Via Advertising Group

The application ps3_emulator_v.9.0.rar.exe, published by Via Advertising Group, has been flagged as a potentially unwanted program by 1 of the 68 anti-malware scanners consulted, on a heuristic rule (see the scanner table below). It is a setup and installation application of a kind known to bundle potentially unwanted software, and its double extension .rar.exe makes it display as an archive when Windows hides known file extensions. While running it connects to www.ibbalance.com on port 443 and to www.softologic.com on port 80 (details under network communications). It is Authenticode-signed with a thawte-issued certificate for Via Advertising Group that expired on 3/10/2017; a valid signature identifies the signer, it does not vouch for what the installer bundles.
Publisher:
http://spring-files.com  (signed by Via Advertising Group)

Product:
Installer

Version:
1, 0, 1026, 1

MD5:
da96ec8989153b1e2d86f436f734f84a

SHA-1:
e24029434210ac2c855f640700c5f7cc7a870420

SHA-256:
d2abf28bbe1e497fc35c1f48fdcb7b5df76787f77483a34b25f4cb5a749a4a9a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 11:07:24 PM UTC

Scan engine         Detection                                        Engine version
Reason Heuristics   PUP.Via.SpringFiles.Bundler.Installer.Meta (M)   15.11.29.13

File size:
4.6 MB (4,867,968 bytes)

Product version:
2.0.0.1

Copyright:
Copyright(C) 2015

Original file name:
install.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\ps3_emulator_v.9.0.rar\ps3_emulator_v.9.0.rar.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/10/2015 5:00:00 PM

Valid to:
3/10/2017 3:59:59 PM

Subject:
CN=Via Advertising Group, O=Via Advertising Group, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EC3BA18EE92A6F0F46CF856A9C4C161

File PE Metadata
Compilation timestamp:
11/27/2015 2:39:39 AM

Minimum OS version (PE header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:XML13ehRTsBFsPl5mqjltdYZ/VYyJyg6OXajgc5Ra/AnEp1yDkQuhxhbjQZ+jexh:8hWBCF4l5VXaRydXd4Anm1y9Q7Mxxh

Entry address:
0x7E9000

Entry point (first bytes):
EB, 08, 0F, 0C, 4A, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, 1D, 1B, 00, 00, 01, 00, 30, 82, 1B, 19, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, 0A, 30, 82, 1B, 06, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 20, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 11, 04, 82, 0F, 0D, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 09, 00, 00, 00, 26, 00, 00, 00, 01, 00, DE, 49, C8, 92, 23, CA, 6C, BF, 97, EF, E8, 95, ED, 91, 8C, BB, B1...

The dump reads as a short jump (EB 08) over an 8-byte field to a second jump (E9 00 20 00 00, +0x2000), followed by the ASCII tag "TAGG", a length field 1D 1B 00 00 (0x1B1D) and a DER SEQUENCE of 0x1B19 bytes whose first element is the PKCS#7 SignedData OID 1.2.840.113549.1.7.2 (06 09 2A 86 48 86 F7 0D 01 07 02) with SHA-1 (2B 0E 03 02 1A) as the digest algorithm. The code at the entry point therefore begins by jumping past an embedded signed data blob; what that blob carries is not shown in this report.

Entropy:
7.9888  (probably packed)

Code size:
1.2 MB (1,237,504 bytes)
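To check a local copy against the values above (the hashes, the entropy behind the "probably packed" verdict, and the PE header fields), here is an added Python triage script; it is not the scanner vendor's code. REPORTED copies the hashes printed on this page, build_sample_pe() constructs a stub header carrying the same header values so the parser can be exercised offline (it is not the real file), and the packing threshold of 7.0 bits per byte is an assumption.

```python
"""Offline triage of the PE metadata a scanner report lists: file hashes,
Shannon entropy (basis of the "probably packed" verdict) and the COFF /
optional-header fields the report prints.

Added example, not the scanner vendor's code. REPORTED copies the hashes from
the report; build_sample_pe() is a constructed stub, not the real file."""
import hashlib
import math
import struct
from datetime import datetime, timezone

REPORTED = {  # hashes as printed in the report
    "md5": "da96ec8989153b1e2d86f436f734f84a",
    "sha1": "e24029434210ac2c855f640700c5f7cc7a870420",
    "sha256": "d2abf28bbe1e497fc35c1f48fdcb7b5df76787f77483a34b25f4cb5a749a4a9a",
}
PACKED_THRESHOLD = 7.0  # assumption: bits/byte above which a file is called "probably packed"
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the whole file as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Per algorithm: does the local file hash to what the report lists?"""
    got = hashes(data)
    return {alg: got[alg] == value.lower() for alg, value in reported.items()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def probably_packed(data: bytes) -> bool:
    """Compressed or encrypted content pushes entropy toward 8; the report's 7.9888 is near that ceiling."""
    return shannon_entropy(data) > PACKED_THRESHOLD


def parse_pe_header(data: bytes) -> dict:
    """Read the header fields the report prints from a PE32 image (offsets per the PE/COFF spec)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER follows the 20-byte COFF file header
    magic, maj_link, min_link, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic %#x)" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]         # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)  # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "compile_timestamp": timestamp,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (maj_link, min_link),
        "min_os_version": "%d.%d" % (maj_os, min_os),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point_rva": entry,
        "code_size": code_size,
    }


def build_sample_pe() -> bytes:
    """Constructed stub: DOS header + PE32 headers carrying the report's values, no sections or code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1448591979, 0, 0, 224, 0x102)  # i386; 2015-11-27 02:39:39 UTC
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 14, 0, 1237504)  # PE32 magic, linker 14.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x7E9000)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                    # minimum OS 5.1 (Windows XP)
    struct.pack_into("<H", opt, 68, 2)                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(matches_report(data), "entropy=%.4f" % shannon_entropy(data), parse_pe_header(data))
```

Run it with the path of the downloaded file as the only argument; a hash mismatch means you are not looking at the sample this report describes, and a whole-file entropy near 8 on a 4.6 MB installer says the bulk of it is compressed payload, which is why static string or import inspection of the outer executable tells you little.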

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
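To turn the two destinations above into a detection, here is an added Python matcher run over proxy-style log lines; it is not the report vendor's detection logic. IOCS copies the hosts, IPs and ports from the report, SAMPLE_LOG is constructed for the demonstration, and its line format (timestamp, client, verb, host:port) is an assumption about your proxy.

```python
"""Match the report's network indicators against proxy-style log lines.

Added example, not the report vendor's detection logic. IOCS copies the hosts
and IPs from the report; SAMPLE_LOG is constructed for the demonstration and
its format (timestamp client verb host:port) is an assumption."""
import ipaddress
import re

IOCS = {  # host -> (ip, port) as listed in the report
    "www.softologic.com": ("174.37.181.31", 80),
    "www.ibbalance.com": ("173.192.190.227", 443),
}
IOC_BY_IP = {ip: host for host, (ip, _port) in IOCS.items()}

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<verb>\S+)\s+(?P<dest>\S+)$")

SAMPLE_LOG = """\
2024-04-23T23:07:01Z 10.0.0.15 CONNECT www.ibbalance.com:443
2024-04-23T23:07:02Z 10.0.0.15 GET www.softologic.com:80
2024-04-23T23:07:03Z 10.0.0.15 GET www.example.com:80
2024-04-23T23:07:04Z 10.0.0.22 CONNECT 173.192.190.227:443
2024-04-23T23:07:05Z 10.0.0.22 GET WWW.SOFTOLOGIC.COM.:8080
"""


def split_dest(dest: str):
    """'host:port' -> (normalised host, port); port is None when absent.
    Hostnames are lower-cased and a trailing dot dropped so FQDN spellings match."""
    host, sep, port = dest.rpartition(":")
    if not sep:
        return dest.lower().rstrip("."), None
    return host.lower().rstrip("."), int(port)


def match_line(line: str):
    """Return a hit dict when the destination is a listed host or IP, else None."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    host, port = split_dest(m.group("dest"))
    try:
        indicator = IOC_BY_IP.get(str(ipaddress.ip_address(host)))  # direct-to-IP connection
        kind = "ip"
    except ValueError:
        indicator = host if host in IOCS else None  # hostname from Host header / SNI
        kind = "host"
    if indicator is None:
        return None
    return {
        "ts": m.group("ts"),
        "client": m.group("client"),
        "matched_on": kind,
        "indicator": indicator,
        "port": port,
        "port_as_reported": port == IOCS[indicator][1],  # report saw 80/443; other ports still count as hits
    }


def scan(log_text: str) -> list:
    """All hits in a log, one dict per matching line."""
    return [h for h in (match_line(line) for line in log_text.splitlines()) if h]


def affected_clients(log_text: str) -> set:
    """Internal hosts that reached any listed indicator."""
    return {h["client"] for h in scan(log_text)}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on the IP as well as the hostname catches a client that resolves the name itself and then connects directly; the port comparison is informational only, since the installer contacting the same host on a different port is still the same indicator.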

Remove ps3_emulator_v.9.0.rar.exe - Powered by Reason Core Security