welcome to the game full version__15434_il77.exe

Smart Inst

Ghw7gnhIBQXlpmC

The application welcome to the game full version__15434_il77.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.inditedexplanatory.webcam and multiple other hosts.
Publisher:
Ghw7gnhIBQXlpmC

Product:
Smart Inst

Description:
WiXUStAJOXpZMT

Version:
81.211.142.128

MD5:
5caa03b91b3042c6aa43043e8598f2ad

SHA-1:
52e2dfeafa85a839ca2806e0ac61ee98064598f2

SHA-256:
ece9d8755ebb36b3892a187486f4f3ac36cd6246210c554eb1023cf75b42dba8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
6/2/2024 10:27:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallMonetizer.Ghw7gnhI.Meta (M)

Engine version:
16.7.8.3

File size:
566.5 KB (580,096 bytes)

Product version:
81.211.142.128

Copyright:
CL2016

Trademarks:
BaFv1Vd6DDmoaz

Original file name:
H7axk5UJ9NIb

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\welcome to the game full version__15434_il77.exe

File PE Metadata
Compilation timestamp:
7/7/2016 8:24:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:FumMYklnmCjG0S22B4Wuaqj/8ghCmEqWtUMdSlNv5kTewLX9IOe92ctqjiY+W0SD:xYv3VVo3++N1hBGy

Entry address:
0x5A76

Entry point:
E8, AF, 29, 00, 00, E9, 71, FE, FF, FF, C7, 01, 1C, C3, 40, 00, E9, 4F, 14, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 1C, C3, 40, 00, E8, 00, 00, 00, 00, 9C, 83, 44, 24, 04, 0C, 9D, E9, 30, 14, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 20, EC, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, A9, 15, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6...
 

Entropy:
7.6038

Code size:
39.5 KB (40,448 bytes)

The file welcome to the game full version__15434_il77.exe has been seen being distributed by the following 2 URLs.