the legend of zelda - ocarina of time (u).exe

Generic

Contas Premium Servicos LTDA

The application the legend of zelda - ocarina of time (u).exe, “Generic Setup” by Contas Premium Servicos LTDA, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address falcon606.startdedicated.com on port 80 using the HTTP protocol.
Publisher:
Installer generic (signed by Contas Premium Servicos LTDA)

Product:
Generic

Description:
Generic Setup

MD5:
afa10fd9c01d4ffa5a06dc33fd26c225

SHA-1:
e6ad1caf375eaeb71abbf9050e848b1eda0b36c7

SHA-256:
b1f165a593fd036e3ffc4031c9b959d93d46c87547398e69153b840e4250a2c3

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/30/2024 10:01:11 PM UTC

Scan engine         Detection                                                  Engine version
Avira AntiVirus     PUA/InstallCore.A.2387                                     8.3.1.6
AVG                 Generic                                                    2016.0.3075
Baidu Antivirus     Adware.Win32.InstallCore                                   4.0.3.15617
Bkav FE             W32.HfsAdware                                              1.3.0.6379
Dr.Web              Trojan.InstallCore.37                                      9.0.1.05190
ESET NOD32          Win32/InstallCore.XA potentially unwanted application      7.0.302.0
G Data              Win32.Application.InstallCore.EG                           15.6.25
K7 AntiVirus        Unwanted-Program                                           13.205.16273
Reason Heuristics   PUP.installCore.Installer                                  15.6.17.12
Vba32 AntiVirus     Malware-Cryptor.InstallCore.gen                            3.12.26.4
VIPRE Antivirus     Trojan.Win32.Generic                                       41208

File size:
734.2 KB (751,784 bytes)

Product version:
3.7.6

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\the legend of zelda - ocarina of time (u).exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/13/2014 6:12:04 AM

Valid to:
10/14/2015 6:12:04 AM

Subject:
CN=Contas Premium Servicos LTDA, O=Contas Premium Servicos LTDA, L=Maceio, S=Alagoas, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121123E475FA55B5D738E3D6E0303FE7EAD

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:r7vp3NdZC0ptDwNj7Ij6f6JVcsceQ3YzCIijK7Wcxnn7kKYkwlZsmlqO4K:r7vhNdUqtc0U6vmeQgCIid2nnV3wlZb4

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to falcon606.startdedicated.com  (69.64.36.141:80)

TCP (HTTP):
Connects to ec2-54-186-117-168.us-west-2.compute.amazonaws.com  (54.186.117.168:80)

TCP (HTTP):
Connects to ec2-52-10-189-255.us-west-2.compute.amazonaws.com  (52.10.189.255:80)

TCP (HTTP):
Connects to ec2-107-20-182-77.compute-1.amazonaws.com  (107.20.182.77:80)