» ubi41c4.tmp.exe
Overview
Analysis
File Details
Programs (1)
Downloads (4)

ubi41c4.tmp.exe

InstallShield

Ubi Soft Entertainment

The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from www.gry-online.pl and multiple other hosts.

File name:

ubi41c4.tmp.exe

Publisher:

InstallShield Software Corporation (signed by Ubi Soft Entertainment)

Product:

InstallShield (R)

Description:

Setup.exe

Version:

10.01.238

MD5:

2e16cccf18e26b3fe3aa7914b414efc9

SHA-1:

73421f30bf2bcb06c63b91f76aefc21d0ff69916

SHA-256:

8531fe8b916f0faeffc6fd10d45ac3ea538ae19422f524cda2a7bd14c3bef760

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 6:20:26 AM UTC (today)

File size:

115.5 MB (121,062,072 bytes)

Product version:

10.01

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Installer:

InstallShield Setup

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\ubi41c4.tmp.exe

Digital Signature

Signed by:

Ubi Soft Entertainment

Authority:

VeriSign, Inc.

Valid from:

6/24/2005 2:00:00 AM

Valid to:

7/15/2006 1:59:59 AM

Subject:

CN=Ubi Soft Entertainment, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ubi Soft Entertainment, L=Montreal, S=Quebec, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

54FC113A74C899788402B7C0295EC09A

File PE Metadata

Compilation timestamp:

7/16/2004 7:22:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1572864:qh2d/1icy4NQuAVB7aQHmFO7mO8iwJnIjd25TiwEcO3wMH:H91bNQVBDz7mO8iwJnXXcw

Entry address:

0xC816

Entry point:

55, 8B, EC, 83, EC, 44, 56, FF, 15, 50, 21, 41, 00, 8B, F0, 85, F6, 75, 08, 6A, FF, FF, 15, 4C, 21, 41, 00, 8A, 06, 57, 8B, 3D, 80, 22, 41, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 48, 21, 41, 00, F6, 45, E8, 01, 5F, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF... 
[+]

Packer / compiler:

InstallShield Custom

Code size:

65 KB (66,560 bytes)

The file ubi41c4.tmp.exe has been discovered within the following programs.

Tom Clancy's Splinter Cell Chaos Theory by Ubisoft

Publisher's description - “You are Sam Fisher, the NSA's most elite black-ops agent. To achieve your mission you will kill from close range, attack with your combat knife, shoot with the prototype Land Warrior rifle, and use radical suppression techniques such as the inverted neck break.”

www.splintercell.com

7% remove it

The file ubi41c4.tmp.exe has been seen being distributed by the following 4 URLs.

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxY0dwQ3JPZFkzZnhJemlPaWVDTm8zbEp2bU9PWUt5Z2pEd1hadTRiUm9xR3dvUTBaS2FOcW9MYStFMmZuVk56UjExaWhuK1FWU2JmQnVXNGw2bElYWDBxZnpnejUzUU15TVcrc2FzdHRjVjM=

http://download.fileplanet.com/ftp1/.../scct_1.00_to_1.05_euro.exe

http://www.moddb.com/downloads/mirror/79438/.../29921aa8347e03d5ba1e314ead658d50

http://patches.ubi.com/.../splinter_cell_chaos_theory_1.00_To_1.05_euro.exe

Scan ubi41c4.tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.