super_mario_flash_v1.0.exe

Super Mario Flash

Nowstat.com

The executable super_mario_flash_v1.0.exe, “Super Mario Flash Setup”, has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from d3.server905.akoam.com.
Publisher:
Nowstat.com

Product:
Super Mario Flash

Description:
Super Mario Flash Setup

MD5:
4d4f006d99497c45bca75852bd5978d7

SHA-1:
a1740fb5da5fabd3b984c47a971e8ba004632151

SHA-256:
0c295e2db8c5b444158d4c98a376c6deeaffca3c9fa1f9faec6f735c2fa19f73

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
5/24/2024 7:54:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160518-2 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.96 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2791.0 |
| VIPRE Antivirus | Threat.4721115 | 50222 |

File size:
2.4 MB (2,490,202 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:y2H8aYSdTa47jK+xb4Apmn6JP38dSC2/Uh8NXdLntaaUZTsFLCnOECvTI:jHz3dTauj1F4em6F38dSo0X9nt7eIonv

Entry address:
0x9B24

Entry point:
60, 71, 01, F2, 84, EC, C6, C7, 91, 0F, AF, D9, B4, E3, B9, 82, 3C, A6, 33, 72, 06, 30, FE, 08, D6, 84, C2, 4A, 84, E4, 8B, D8, 85, CD, 3B, D3, F2, 8A, F3, 8D, 05, 55, 8F, 3C, 7B, 81, E5, 8A, 36, 29, 29, 33, F3, 8D, 2D, 96, B2, 12, 82, 0F, B7, D1, B2, 25, F6, C7, 62, 81, F3, 81, BD, F5, 1C, 71, 07, 0F, BE, D5, 8A, DE, 88, EE, 81, FF, A6, B1, 00, 00, 76, 02, 89, F8, FF, CE, 22, F2, 46, E8, 00, 00, 00, 00, 34, 4D, 80, CB, 75, 77, 03, 0F, AF, E9, F6, C7, 64, 87, EE, F6, C2, 1B, 81, C7, 80, 57, 00, 00, 48, 84...
Entropy:
7.9957 (probably packed)

Code size:
37 KB (37,888 bytes)

The file super_mario_flash_v1.0.exe has been seen being distributed by the following URL.