1_offer_11.exe

MY POP SHOP LTD

The application 1_offer_11.exe by MY POP SHOP has been detected as adware by 15 anti-malware scanners. It is a setup program used to install the application and is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.file7desktop.com and multiple other hosts.
Publisher:
MY POP SHOP LTD  (signed and verified)

MD5:
b5901867e0f3fb266048a11c0063eb56

SHA-1:
a27dfbb47070e380c978b44af9e6818577cbfb27

SHA-256:
100ddcf3f504a1e262e06665b3f3bfff68d6f620f09d0b88a1727a45252fdb95

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
12/25/2024 1:57:12 AM UTC  (today)

Scan engine               Detection                                   Engine version
Lavasoft Ad-Aware         Adware.Smartbar.O                           844
AegisLab AV Signature     Troj.W32.Inject                             2.1.4+
avast!                    Win32:Malware-gen                           2014.9-141102
AVG                       Mypopshop                                   2015.0.3322
Baidu Antivirus           Trojan.Win32.MsiDrop                        4.0.3.14112
Bitdefender               Adware.Smartbar.O                           1.0.20.1435
Emsisoft Anti-Malware     Adware.Smartbar.O                           8.14.10.14.08
ESET NOD32                Win32/TrojanDropper.MsiDrop (variant)       8.10647
F-Secure                  Adware.Smartbar.O                           11.2014-14-10_3
G Data                    Adware.Smartbar                             14.10.24
IKARUS anti.virus         AdWare.Smartbar                             t3scan.1.8.3.0
MicroWorld eScan          Adware.Smartbar.O                           15.0.0.861
nProtect                  Adware.Smartbar.O                           14.10.12.01
Reason Heuristics         PUP.MYPOPSHOP.K                             14.10.14.8
Zillya! Antivirus         Dropper.MsiDrop.Win32.1                     2.0.0.1973

File size:
9.7 MB (10,190,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1_offer_11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/6/2014 5:00:00 PM

Valid to:
7/7/2015 4:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata
Compilation timestamp:
10/6/2014 5:02:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:4jRN0LYfTPqRBam8fsWNiyTsgYAep9swb7SIaF1Qr5UPFEkaPkcm:vMjOBn8fsxyY7p9tCVQr5yEZLm

Entry address:
0xB01F

Entry point:
E8, 92, 5E, 00, 00, E9, 95, FE, FF, FF, FF, 35, 80, 21, 42, 4F, FF, 15, 88, 90, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 77, 3E, 00, 00, 6A, 01, 6A, 00, E8, 70, 2E, 00, 00, 83, C4, 0C, E9, 35, 2E, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83...

Entropy:
7.9987  (probably packed)

Code size:
95 KB (97,280 bytes)

The file 1_offer_11.exe has been seen being distributed by the following 2 URLs.

Remove 1_offer_11.exe - Powered by Reason Core Security