00000000

Grupo 8 Ideias

The file 00000000 by Grupo 8 Ideias has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from geraldoagito.com.br and multiple other hosts.
Publisher:
Grupo 8 Ideias (signed and verified)

Version:
1.0.0.1

MD5:
134c8c2182b477ab6480bc338f1dd465

SHA-1:
030dbeb40f31b9ea82fbe543291bc37b2bbb8007

SHA-256:
252501a42244c81f6c26d1fd5db4f8383fd678564ac55095b8749e501613387a

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
11/23/2024 10:17:04 PM UTC

Scan engine | Detection | Engine version
AVG | Downloader | 2016.0.3214
Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.15130
ESET NOD32 | Win32/Somoto | 9.11092
K7 AntiVirus | Trojan | 13.193.14800
Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.2565
McAfee | Artemis!134C8C2182B4 | 5600.6870
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Quick Heal | Adware.NSIS.BetterInstaller.A | 1.15.14.00
Reason Heuristics | PUP.Grupo8Ideias | 15.1.30.1
Sophos | Generic PUA AD | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0117 | 7.2.30
Vba32 AntiVirus | Downloader.AdLoad | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 37072

File size:
421.2 KB (431,272 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\007\t\00\00000000

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/26/2014 1:00:00 AM

Valid to:
2/27/2015 12:59:59 AM

Subject:
CN=Grupo 8 Ideias, O=Grupo 8 Ideias, STREET=Rua Sabino dos Santos Nunes. 85, L=Cândido Mota, S=São Paulo, PostalCode=19880-000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0080A4BC137A4C6273EF58CE0FC39ACAFA

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:tF1LHQNZMbtaADcDz+MJ4cy3DAp8qMVQ0i/8Atn:tFhuktox8hum6n

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 00000000 has been seen being distributed by 31 URLs.
