» super nintendo 176 in 1 downloader__3687_i1915495889_il638942.exe
Overview
Analysis
File Details
Downloads (2)

super nintendo 176 in 1 downloader__3687_i1915495889_il638942.exe

Smart Inst

Chivas

The application super nintendo 176 in 1 downloader__3687_i1915495889_il638942.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.perisigmoiditisgashing.site and multiple other hosts.

File name:

Publisher:

Chivas

Product:

Smart Inst

Description:

tiny install

Version:

154.91.183.203

MD5:

bc9c278a1904e1ca3879a8622cd5dc2f

SHA-1:

b2614da0d4c155c049929e117067c31240264bdd

SHA-256:

c5d8f42c05f30426c6be87f6df363a2ab2b424ac86c84ade5bb8d7a21c4249b0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

6/29/2025 12:37:54 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallMonetizer.Chivas.Installer.Meta (M)

16.5.3.21

File size:

797.5 KB (816,640 bytes)

Product version:

154.91.183.203

Trademarks:

SW Good M

Original file name:

file.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\super nintendo 176 in 1 downloader__3687_i1915495889_il638942.exe

File PE Metadata

Compilation timestamp:

5/1/2016 7:53:08 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:i33z9nS0SN7Q1D2BSQVKio9mXhScmLPca2VokX:i3D9Sv7GKwQVNosXMcmIa7k

Entry address:

0x5C98

Entry point:

E8, 9E, 36, 00, 00, E9, 8C, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2B, FF, 75, 08, 6A, 00, FF, 35, 80, 09, 41, 00, E9, A2, E9, FF, FF, 85, C0, 75, 17, 56, E8, F3, 20, 00, 00, 8B, F0, E9, A9, FD, FF, FF, 50, E8, 99, 20, 00, 00, 59, 89, 06, 5E, 5D, C3, C7, 01, 30, C3, 40, 00, E9, 70, F1, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 30, C3, 40, 00, E8, 5D, F1, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 82, E8, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47... 
[+]

Entropy:

7.5583

Code size:

40 KB (40,960 bytes)

The file super nintendo 176 in 1 downloader__3687_i1915495889_il638942.exe has been seen being distributed by the following 2 URLs.

http://www.perisigmoiditisgashing.site/11_nod32_launcher.exe

http://www.perisigmoiditisgashing.site/14_nod32_launcher.exe

Remove super nintendo 176 in 1 downloader__3687_i1915495889_il638942.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.