zuma_s_revenge_securom_telecharger{1242359}.exe

Tiny Download Manager

Nexway

The application zuma_s_revenge_securom_telecharger{1242359}.exe by Nexway has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from jeuxentelechargement.orange.fr and multiple other hosts. While running, it connects to the Internet address cdn-111-119-4-135.kix.llnw.net on port 80 using the HTTP protocol.
Publisher:
Boonty  (signed by Nexway)

Product:
Tiny Download Manager

Version:
2, 1, 0, 50

MD5:
f51832f87131d81f1268a0a42c4c9991

SHA-1:
772dfaf11b83015608599c3165e3973bf2e4f0ce

SHA-256:
7de0eb4a7a4cad34d298d7943d97845fbfc21947a397e295f118fd67990fab28

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 5:03:29 PM UTC  (today)

Scan engine          | Detection          | Engine version
AhnLab V3 Security   | PUP/Win32.Boonty   | 2014.06.08
Malwarebytes         |                    | v2014.06.08.05
Reason Heuristics    | PUP.Bundler.MB     | 16.2.23.16

File size:
781.3 KB (800,032 bytes)

Product version:
2, 1, 0, 50

Copyright:
(c) Boonty. Tout droit réservé.

Original file name:
TinyDownloadManager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\zuma_s_revenge_securom_telecharger{1242359}.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
4/27/2012 3:30:49 PM

Valid to:
4/27/2014 3:30:49 PM

Subject:
CN=Nexway, O=Nexway, L=Nanterre, S=N/A, C=FR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EE8F89E42E098

File PE Metadata
Compilation timestamp:
4/15/2014 2:46:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:pKMQV6cIFYJ6Q0qPzT8R3vpDFiceWrGG1CXy4zeU:pkccQa6Q3rT4xBU2G8CXFT

Entry address:
0x228C70

Entry point:
60, BE, 00, 30, 57, 00, 8D, BE, 00, E0, E8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
728 KB (745,472 bytes)

The file zuma_s_revenge_securom_telecharger{1242359}.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 505 download URLs

The executing file has been seen to make the following network communications in live environments.
