» universe-sandbox-setup.exe
Overview
Analysis
File Details
Downloads (13)

universe-sandbox-setup.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from software.thaiware.com and multiple other hosts.

File name:

MD5:

1955d19622a549c526711c2204e6998d

SHA-1:

b16fc993d973977d03387b1949bfe04db5fc2f2d

SHA-256:

6941f4998c8d31028e70cf62c5052999b1a15ee2d615f4eee31173d68cfa60b3

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/20/2024 12:49:01 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Trojan.Generic.3916787

8.14.03.23.12

File size:

33.8 MB (35,461,621 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\universe-sandbox-setup.exe

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:DBWvAHYcdGmvCIZQtD0FzHbO38gE2nU+d+ehaA+1Ibty/NR1U:DBWIHmPIMIHbOs+n/dp+1uw/W

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9845

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file universe-sandbox-setup.exe has been seen being distributed by the following 13 URLs.

http://software.thaiware.com/download_url.php?id=3418

http://telecharger.freedownloadmanager.org/Windows-PC/.../GRATUIT-2.2.html?ac2eb69

http://descargar.freedownloadmanager.org/Windows-PC/.../GRATIS-2.2.html?ac2eb69

http://www.bulksharetown.com/c?x=HJ lXXexjBK/pBmXQKxZaimsBIxKMtsY6w/O0kWgvME=&e=0&c=a6W3UKFKqz5ScO0P1uC7AdSB48zM9w5JDy7o2qAJDx4xMDQqDFwApQvyMuz0xjzKz05gO1SqWUPVLZTVF20rRE/.../KxYE4z7OB8RFwLLOsM8guZTs8XS1NUmkQMo=&downloadAs=universe_sandbox_2.exe&fallback_url=Fallback URL

http://www.downloadcrew.com/?act=software.download&id=35581&t=1486779344&c=009d955bf3045177bf1678cbade25f422bb6b5a7

http://www.bulksharetown.com/c?x=SRciZNuO9z8FqbCh2HAosmPkST0TyX5kbnzpLz/u68Q=&e=0&c=nSz0DCZHNB0V6XlaiDjiCvQPmxVhWcYlPTrpLIPJX8ZjDk2sQ5It3pBz4J7QZ3e8sRH/.../x81oooGVTHExCxursN0Y39GjlccyCTP2xFUiSdwYLDOeOoliqXSIdZT InwaKDLieZNTg0difofaNla8YiupRG67IlKImYNsU=&downloadAs=universe_sandbox_2.exe&fallback_url=Fallback URL

http://www.appsfilessafe.com/c?x=fHvqxLJeiGIBIXjA VlHVCxYmFigCSy3O756kfRcFL8=&c=Cu3Rhjfba3QpGgwbsQUGy4Z25/mcdPm6l/me0d6QprZ559FgW6f8NJu0//.../1vXaF8l1jFNnS6 wX0G9NCJIFv4ZBenEh2HCiuebEoh1z65nlP8he0JAUI=&e=0&downloadAs=universe_sandbox_2.exe&fallback_url=Fallback URL

http://download.freedownloadmanager.org/Windows-PC/.../FREE-2.2.html?ac2eb69

http://ultradownloads.com.br/.../2,978465.html

http://download.informer.com/.../universe-sandbox-setup.exe

http://universe-sandbox.software.informer.com/.../

http://universesandbox.s3.amazonaws.com/universe-sandbox-setup.exe

http://download.universesandbox.com/universe-sandbox-setup.exe

Scan universe-sandbox-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.