325_331br_tzip.exe

Navigation network co.,limited

The application 325_331br_tzip.exe by Navigation network co.,limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d5qlpohh1zul3.cloudfront.net.
Publisher:
Navigation network co.,limited  (signed and verified)

Version:
2.0.0.0

MD5:
e5ff1a756d4bf6287c703cc76b47b9c3

SHA-1:
eb3041ed58a63a83895720fb12de576856f2eb77

SHA-256:
0154e55aadd1ab323165387059a34dc6ade5f56a47405db7dfc1a9ccd118d884

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/27/2024 1:38:55 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Navigationnetworkcolimited (M)
15.8.23.20

File size:
453.9 KB (464,784 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (C) 2014

Original file name:
Download.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\325_331br_tzip.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/18/2014 9:00:00 PM

Valid to:
2/19/2016 9:59:59 PM

Subject:
CN="Navigation network co.,limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Navigation network co.,limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2617E71F3DD61639E291AD2D048E1D8A

File PE Metadata
Compilation timestamp:
8/6/2015 8:50:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:NfNBs/LP5u/X4fTzd8RxnVqxstovXOpQjC:qTygTGtVEH+pCC

Entry address:
0x29B70

Entry point:
E8, C1, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 31, 3A, 00, 00, 6A, 16, 5E, 89, 30, E8, 77, 67, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 13, 3A, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 92, DD, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 83, 3D, 44, 86, 45, 00, 00, 75, 75, 8B, 55, 08, 85, D2, 75, 17, E8, E3, 39, 00, 00, C7, 00, 16, 00, 00, 00, E8, 28, 67, 00, 00, B8, FF, FF, FF, 7F, 5D, C3...
 
[+]

Code size:
274 KB (280,576 bytes)

The file 325_331br_tzip.exe has been seen being distributed by the following URL.

Remove 325_331br_tzip.exe - Powered by Reason Core Security