» SallysSalon.exe
Overview
Analysis
File Details
Network (2)

SallysSalon.exe

Sally's Salon

GamesCafe

The executable SallysSalon.exe has been detected as malware by 19 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address 195.34.13.149.zylom.net on port 80 using the HTTP protocol.

File name:

SallysSalon.exe

Publisher:

GamesCafe

Product:

Sally's Salon

Version:

1, 0, 0, 1

MD5:

c7791721dec0ff3957f4933517f6e879

SHA-1:

42bb471ce495211aa92c9a37189ddf812465502c

Scanner detections:

19 / 68

Status:

Malware

Analysis date:

4/25/2024 9:00:16 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.8388713

408

AVG

Downloader.Generic12

2016.0.2886

Bitdefender

Trojan.Generic.8388713

1.0.20.1785

Dr.Web

Trojan.DownLoad3.1495

9.0.1.0357

Emsisoft Anti-Malware

Trojan.Generic.8388713

8.15.12.23.08

Fortinet FortiGate

W32/Tolsty.X!tr.dldr

12/23/2015

F-Secure

Trojan.Generic.8388713

11.2015-23-12_4

G Data

Trojan.Generic.8388713

15.12.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.6.0

MicroWorld eScan

Trojan.Generic.8388713

16.0.0.1071

NANO AntiVirus

Trojan.Win32.Tolsty.vopee

0.30.0.296

Norman

Troj_Generic.DFNWJ

11.20151223

nProtect

Trojan.Generic.8388713

15.02.27.01

Qihoo 360 Security

HEUR/Malware.QVM19.Gen

1.0.0.1015

Sophos

Mal/Generic-L

4.98

Vba32 AntiVirus

TrojanDownloader.Tolsty

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

38032

ViRobot

Trojan.Win32.A.Downloader.1468360[h]

2014.3.20.0

Zillya! Antivirus

Downloader.Tolsty.Win32.8

2.0.0.2085

File size:

1.4 MB (1,468,360 bytes)

Product version:

1, 0, 0, 1

Original file name:

SallysSalon.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\gamehouse\sally's salon\sallyssalon.exe

File PE Metadata

Compilation timestamp:

7/23/2007 9:21:29 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:z/hz7EhQch+bXEuvnPEgYrqwuiox0bVQ+cl6L:z/uhBh56ni0UcoL

Entry address:

0x167000

Entry point:

68, 80, 70, 56, 00, FF, 15, 8C, 75, 56, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.8923

Code size:

1016 KB (1,040,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 195.34.13.149.zylom.net (149.13.34.195:80)

TCP (HTTP):

Connects to a104-93-86-7.deploy.static.akamaitechnologies.com (104.93.86.7:80)

Remove SallysSalon.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.