star_wars_the_force_awakens_downloader.exe

Installer

Via Advertising Group

The application star_wars_the_force_awakens_downloader.exe by Via Advertising Group has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners (Reason Heuristics, PUP.ViaAdvertising). This is a setup and installation application that has been known to bundle potentially unwanted software. The file has been seen being downloaded from us.springfile.org. While running, it connects to www.softologic.com on port 80 (HTTP) and to www.ibbalance.com on port 443 (HTTPS).
Publisher:
http://spring-files.com  (signed by Via Advertising Group)

Product:
Installer

Version:
1, 0, 1052, 1

MD5:
9a7fc8ce593ac825d2a0020a31ebb0d2

SHA-1:
a3ba680f804542d056845f2f3db7f75903147fdc

SHA-256:
362fe762b7b9e65c3fadcbaf15dd92bd2b58c222167485dd78ab04a5a03c75f1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/3/2024 5:05:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ViaAdvertising (M)

Engine version:
16.8.10.6

File size:
3.7 MB (3,864,520 bytes)

Product version:
2.0.0.1

Copyright:
Copyright(C) 2015

Original file name:
install.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\star_wars_the_force_awakens_downloader.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/10/2015 5:00:00 PM

Valid to:
3/10/2017 3:59:59 PM  (expired before the 2024 analysis date; an Authenticode signature stays valid past certificate expiry only if it carries a trusted timestamp countersignature, which this report does not record)

Subject:
CN=Via Advertising Group, O=Via Advertising Group, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EC3BA18EE92A6F0F46CF856A9C4C161

File PE Metadata
Compilation timestamp:
12/11/2015 2:00:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:t/SXQhngS92MBu7MPLfuehYPOYZ/W9ORXu7G0kiynsO1t:tuQhngc22u7MKeIOYoSua0kiysO1t

Entry address:
0x7F6FD0

Entry point:
9C, 9C, 60, E9, EE, 0B, FF, FF, 24, 4E, 30, 6D, F6, 4C, AF, CD, 98, 4E, 0D, 67, 4C, 28, 63, 05, E1, 89, DE, 16, 20, 4B, 71, 77, 32, B5, 86, FF, CF, A3, BA, 2F, 5D, 15, AF, 3B, E2, AA, 06, 00, FB, A2, 9D, 55, 87, 6D, 0D, AF, CC, 2C, 8B, 8D, 7A, 1E, 52, 00, 65, CE, AA, 16, 15, 00, D0, DA, 9F, F0, 33, E4, B2, EB, 14, 39, 0B, 3D, 61, 13, 22, 10, 2E, E1, 67, 16, F0, 7C, 7B, 4F, AC, 75, 8E, 73, 18, B2, EB, 23, 2D, C0, DD, B7, E6, 07, 18, A6, D1, 68, D4, 82, 40, 13, 20, F1, 74, 03, BA, D6, 57, CE, 35, B8, 9D, 2E...
(the first opcodes decode as pushfd; pushfd; pushad; jmp rel32, which saves the flags and all general registers before jumping elsewhere, a prologue typical of a packer's unpacking stub and consistent with the entropy reading below)

Entropy:
7.9948  (probably packed)

Code size:
1.2 MB (1,235,968 bytes)
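The PE fields listed above (compilation timestamp, OS version, subsystem, linker version, entry address, code size and the entropy heuristic) are all read straight from the file's headers. The following is an added example written for this page, not code from Reason Core Security: it parses those fields from a PE32/PE32+ image using only Python's standard library, and builds a small constructed PE32 image in memory (reusing the report's first eight entry-point bytes and header values, with an optional pseudo-random code section to trigger the packing heuristic) so that it runs without the real sample.

```python
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

# Added example for this page, not Reason Core Security's code. It reads the
# PE header fields the report lists using only the standard library.

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Win32", 0x8664: "x64"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for uniformly random bytes.
    Whole-file values close to 8 usually indicate compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes, ep_bytes: int = 8) -> dict:
    """Extract compile time, linker/OS versions, subsystem, entry RVA and the
    first entry-point bytes from a PE32 or PE32+ image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, code_size = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # same offset in PE32 and PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    # Translate the entry-point RVA into a file offset through the section table.
    ep_off = None
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    first = data[ep_off:ep_off + ep_bytes] if ep_off is not None else b""
    entropy = shannon_entropy(data)
    return {
        "bitness": MACHINES.get(machine, hex(machine)),
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": " ".join(f"{b:02X}" for b in first),
        "entropy": round(entropy, 4),
        "probably_packed": entropy > 7.0,  # assumed threshold for the report's "probably packed" flag
    }


def build_sample_pe(packed: bool = False) -> bytes:
    """Constructed minimal PE32 image for demonstration only (not the real sample).
    It reuses the report's first entry-point bytes and header values; with
    packed=True the code section is filled with seeded pseudo-random bytes."""
    stub = bytes.fromhex("9c9c60e9ee0bffff")
    if packed:
        rng = random.Random(1234)
        code = stub + bytes(rng.getrandbits(8) for _ in range(0x4000 - len(stub)))
    else:
        code = stub + b"\x90" * (0x200 - len(stub))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1449799216, 0, 0, 224, 0x0102)   # i386, 2015-12-11 02:00:16 UTC
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 14, 0)                # PE32 magic, linker 14.0
    struct.pack_into("<IIII", opt, 4, len(code), 0, 0, 0x1000)    # SizeOfCode .. AddressOfEntryPoint
    struct.pack_into("<III", opt, 20, 0x1000, 0x2000, 0x400000)   # BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # section / file alignment
    struct.pack_into("<HH", opt, 40, 5, 1)                        # OS version 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)                        # subsystem version
    struct.pack_into("<II", opt, 56, 0x1000 + len(code), 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                            # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + code


if __name__ == "__main__":
    for flag in (False, True):
        for k, v in parse_pe(build_sample_pe(packed=flag)).items():
            print(f"{k:>16}: {v}")
        print()
```

Run against a real file with `parse_pe(open(path, "rb").read())`. The entropy is computed over the whole file, as the report does; a per-section entropy (same function applied to each section's raw bytes) is the more precise test, since a packed payload section stands out even when the headers and resources are plain.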

The file star_wars_the_force_awakens_downloader.exe has been seen being downloaded from us.springfile.org.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
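The domains and addresses above, together with the hashes earlier on this page, are the indicators a defender would search for in DNS, proxy and endpoint logs. The following is an added example for this page, not tooling from Reason Core Security: it matches the report's domains, IPs and SHA-256 against constructed key=value log lines (the log format, client addresses and the non-indicator hosts are invented for the example), normalising case and trailing dots so that a DNS query for `WWW.ibbalance.com.` still matches, and treating subdomains of a listed host as hits.

```python
import ipaddress
import re
from dataclasses import dataclass

# Added example for this page, not Reason Core Security's tooling.
# Indicators are the ones listed in the report; the log lines are constructed.
IOC_DOMAINS = {"us.springfile.org", "www.softologic.com", "www.ibbalance.com"}
IOC_IPS = {"174.37.181.31", "173.192.190.227"}
IOC_SHA256 = {"362fe762b7b9e65c3fadcbaf15dd92bd2b58c222167485dd78ab04a5a03c75f1"}

# Constructed key=value log lines (DNS resolver, web proxy, EDR file event).
SAMPLE_LOG = """\
2024-05-03T17:05:10Z dns client=10.0.0.15 query=WWW.ibbalance.com. type=A answer=173.192.190.227
2024-05-03T17:05:11Z proxy client=10.0.0.15 dst=173.192.190.227:443 host=www.ibbalance.com method=CONNECT status=200
2024-05-03T17:05:12Z proxy client=10.0.0.15 dst=174.37.181.31:80 host=www.softologic.com method=GET status=200
2024-05-03T17:05:13Z dns client=10.0.0.22 query=cdn.example.net. type=A answer=203.0.113.9
2024-05-03T17:05:14Z edr client=10.0.0.15 file=C:\\Users\\alice\\Downloads\\star_wars_the_force_awakens_downloader.exe sha256=362FE762B7B9E65C3FADCBAF15DD92BD2B58C222167485DD78AB04A5A03C75F1
2024-05-03T17:05:15Z proxy client=10.0.0.31 dst=198.51.100.7:443 host=mail.example.net method=CONNECT status=200
"""

KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    kind: str       # "domain", "ip" or "sha256"
    indicator: str


def normalize_domain(name: str) -> str:
    """DNS names are case-insensitive and resolver logs often keep the trailing dot."""
    return name.rstrip(".").lower()


def domain_hit(name: str):
    """Return the listed host that `name` equals or is a subdomain of, else None."""
    name = normalize_domain(name)
    for ioc in IOC_DOMAINS:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def ip_hit(value: str):
    """Return the listed IPv4 address in `value` (optionally 'ip:port'), else None."""
    host = value.rpartition(":")[0] if value.count(":") == 1 else value
    try:
        ip = str(ipaddress.ip_address(host))
    except ValueError:
        return None
    return ip if ip in IOC_IPS else None


def scan_log(text: str) -> list:
    """One Hit per (line, indicator); a line naming both a host and its IP yields two."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = dict(KV.findall(line))
        client = fields.get("client", "?")
        found = set()
        for key in ("query", "host"):
            if key in fields and (d := domain_hit(fields[key])):
                found.add(("domain", d))
        for key in ("dst", "answer"):
            if key in fields and (ip := ip_hit(fields[key])):
                found.add(("ip", ip))
        if (h := fields.get("sha256", "").lower()) in IOC_SHA256:
            found.add(("sha256", h))
        hits.extend(Hit(line_no, client, kind, ind) for kind, ind in sorted(found))
    return hits


def affected_clients(hits) -> set:
    """Clients to triage: any source address that touched an indicator."""
    return {h.client for h in hits}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(f"line {hit.line_no}: {hit.client} -> {hit.kind} {hit.indicator}")
    print("clients to triage:", sorted(affected_clients(found)))
```

The IP indicators are the weaker half of this list: both addresses sit in hosting ranges that are shared and reassigned, so a bare IP match should be confirmed against the host name or SNI on the same connection before it drives a response, whereas the SHA-256 match on the endpoint is conclusive for that file.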

Powered by Reason Core Security