» shovel_knight_downloader.exe
Overview
Analysis
File Details
Downloads (8)

shovel_knight_downloader.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 70ef.vd.aclst.com and multiple other hosts.

File name:

MD5:

304b2222f6ed4278ef7f272f1867bb71

SHA-1:

231d0e9ad44cccf675b93a64d7a754af10b315c7

SHA-256:

368f68c325921f8a849d6cb3de3c178c44fc98d018e21d19a07cf41fb0e92596

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 7:40:30 AM UTC (today)

File size:

4.5 MB (4,681,592 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\downloads\shovel_knight_downloader.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

98304:jFZ3RtF8DXtA2kYOCO9EoYts+LJnkUVkUvcx58AncHD5Z2w:rBtgkYEvYtTOqAcH

Entry point:

49, 44, 33, 04, 00, 00, 00, 00, 00, 16, 54, 45, 4E, 43, 00, 00, 00, 0C, 00, 00, 03, 4C, 61, 76, 66, 35, 32, 2E, 31, 36, 2E, 30, FF, FB, 90, 44, 00, 0F, D0, 00, 00, 69, 00, 00, 00, 08, 00, 00, 0D, 20, 00, 00, 01, 09, 60, DE, 96, 00, 84, 4B, 89, 46, 0B, 1D, C4, 10, 8C, E1, CC, 82, 24, D2, 69, A6, 9A, 4D, 7B, 49, A6, 9A, 69, 34, 32, 3F, E8, CE, CE, EC, EC, EC, EC, EE, CE, CE, CE, CE, EC, 74, 5B, 3F, FB, FD, 51, 9D, 99, D9, D9, D9, C6, 18, 76, 0C, BF, FD, 32, 2C, FF, FD, AA, B7, E9, 65, D5, 55, 55, 56, 49, 7F... 
[+]

Entropy:

7.9663 (probably packed)

The file shovel_knight_downloader.exe has been seen being distributed by the following 8 URLs.

http://70ef.vd.aclst.com/dl.php/.../Bomfunk MCs - Freestyler.mp3?video_id=ymNFyxvIdaM&t=eW1ORnl4dklkYU0tMTYwNDMzNjE0NC0xNDYxNDI3Mzc5LTgxNjc1MA==&exp=26-04-2016&s=e4b997ad0a26d7f2736865b8d1e9fef0

http://www.speedyshare.com/jJAGd/8ebd2601/.../Shovel-Knight-Downloader.exe

http://70ef.vd.aclst.com/dl.php/.../Bomfunk MCs - Freestyler.mp3?video_id=ymNFyxvIdaM&t=eW1ORnl4dklkYU0tMTgzNTA4MTU2Mi0xNDYyMzk2MTI1LTg5MzM3MA==&exp=07-05-2016&s=4675b66dbb3f64b48b7fafc7da4294e0

http://70ef.vd.aclst.com/dl.php/.../Bomfunk MCs - Freestyler.mp3?video_id=ymNFyxvIdaM&t=eW1ORnl4dklkYU0tMTU4MjIwMTU0MS0xNDYxOTUwMzI3LTQ0NTYyMA==&exp=02-05-2016&s=808b4f5c6ac71e1576996a33064b5555

http://70ef.vd.aclst.com/dl.php/.../Bomfunk MCs - Freestyler.mp3?video_id=ymNFyxvIdaM&t=eW1ORnl4dklkYU0tMTMzMDI4MDMzMi0xNDczMDg0MzYxLTk2NjY5MA==&exp=08-09-2016&s=dfea5f32d073932d8adfbe4585df87fb

http://70ef.vd.aclst.com/dl.php/.../Bomfunk MCs - Freestyler.mp3?video_id=ymNFyxvIdaM&t=eW1ORnl4dklkYU0tMjA5MTUyMjM5OC0xNDU5MzE0MDcwLTE0MzkyMQ==&exp=02-04-2016&s=76be47f3f42a2fcc5a18f34046b00511

http://www.speedyshare.com/jJAGd/e4135f14/.../Shovel-Knight-Downloader.exe

http://www.speedyshare.com/jJAGd/ae2387a5/.../Shovel-Knight-Downloader.exe

Scan shovel_knight_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.