52d1c3dc2356d03675014533.exe

viddyhddownload

Roadstar Media LTD

The application 52d1c3dc2356d03675014533.exe by Roadstar Media has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.viddyhddownload.com.
Publisher:
$(^Name)  (signed by Roadstar Media LTD)

Product:
viddyhddownload

Version:
1.0

MD5:
a854ef44647345057099a2a4bb1d30e6

SHA-1:
36c563c1f4462665ba767ab0b14fd9927905d446

SHA-256:
ba7fc42f6de1cb7d274f89cf61f188540c7d28dde87df4812b2d959b90706d48

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/25/2024 6:03:29 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
MalSign.Roadstar Media
2015.0.3597

herdProtect (fuzzy)
2014.1.26.18

Malwarebytes
PUP.Optional.ViddyHD.A
v2014.01.11.06

McAfee
Artemis!A854EF446473
5600.7249

Reason Heuristics
PUP.RoadstarMedia.Y
14.8.8.0

Rising Antivirus
PE:Trojan.Win32.Generic.137A42C9!326779593
23.00.65.14109

Sophos
Roadstar Media
4.96

Trend Micro House Call
TROJ_GEN.F47V0108
7.2.11

VIPRE Antivirus
Jottix
25470

File size:
191.8 KB (196,408 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\52d1c3dc2356d03675014533.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/5/2013 1:00:00 AM

Valid to:
12/6/2014 12:59:59 AM

Subject:
CN=Roadstar Media LTD, O=Roadstar Media LTD, L=Tel-Aviv, S=Tel-Aviv, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
093AB5995A92F0A294E993DAA93A2F01

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:hgXdZt9P6D3XJ/NmgmjXMU7Q2pzFmaO7yp4tIAwPxnKX5hWHPFiOsixmUpPGbrFp:he34FUgmu2ppmabLP19dhsiNERp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 52d1c3dc2356d03675014533.exe has been seen being distributed by the following URL.

Remove 52d1c3dc2356d03675014533.exe - Powered by Reason Core Security