291014_nj.exe

GENCO LABS LLC

The application 291014_nj.exe, “Download da Internet” by GENCO LABS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.baixegetit.net.
Publisher:
GENCO LABS LLC  (signed and verified)

Description:
Download da Internet

Version:
2.9.5.3

MD5:
9cb67d8bcb02f1eb34ca7b28464e0de0

SHA-1:
0c31e47318daf44c67738c55b61650ab6cd3e902

SHA-256:
dbb59bc4024ee7e4dc5573078ba2a0e9e4e59f29595fcd83840ec87288f2c854

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 11:13:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.BR Software.GENCOLAB.Installer (M)
16.5.23.6

File size:
1.7 MB (1,765,608 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\291014_nj.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/17/2015 8:53:38 AM

Valid to:
10/20/2015 7:14:36 PM

Subject:
CN=GENCO LABS LLC, O=GENCO LABS LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00BE2471032696C220

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:HeZ0+7D05cvkh7vmVR4B6tdwxja/Wz+T1+3LR8Z1bGrSqYKferZDTzXcqJaRAe:A0n5cvMyH4FF+Toleb3qYNrcqJKh

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 291014_nj.exe has been seen being distributed by the following URL.

Remove 291014_nj.exe - Powered by Reason Core Security