62626.selection_tools.alt001.no.exe

Selection Tools

NOSIBAY

The application 62626.selection_tools.alt001.no.exe, “Selection Tools Installer” by NOSIBAY, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from d1ykyz0mbyn4to.cloudfront.net.
Publisher:
NOSIBAY  (signed and verified)

Product:
Selection Tools

Description:
Selection Tools Installer

Version:
3.0.705.0.62626

MD5:
20417b6436553c7fecb7a603f9eed8a7

SHA-1:
7510174cb4a72b54583c7458a00deca7c29ae427

SHA-256:
b0ba7270532ff537a9d8c0af9f079a916b1fcfce806d2221668c7133410e6e1d

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 5:38:37 PM UTC

Scan engine              Detection                              Engine version
AVG                      Generic                                2016.0.3155
Bkav FE                  W32.HfsAdware                          1.3.0.6379
Dr.Web                   Adware.Downware.10519                  9.0.1.089
IKARUS anti.virus        PUA.BubbleDock                         t3scan.1.8.9.0
McAfee                   Artemis!20417B643655                   5600.6811
Reason Heuristics        PUP.Installer.NOSIBAY                  15.3.30.6
Trend Micro House Call   PUA_BubbleDock                         7.2.89
Trend Micro              PUA_BubbleDock                         10.465.30
Vba32 AntiVirus          suspected of Trojan.Downloader.gen.h   3.12.26.3

File size:
3.5 MB (3,651,928 bytes)

Copyright:
© WTools

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\eelwx5f1\62626.selection_tools.alt001.no.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/25/2014 1:00:00 AM

Valid to:
12/25/2015 11:59:59 PM

Subject:
CN=NOSIBAY, OU=Secure Application Development, O=NOSIBAY, L=PEROLS, S=Hérault, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52E368957AD1C7202A103C7CFD7BD6C2

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:BjypFKl9tS9zK8V05747ygeIdGQbiNeaXjBpWbIICZB4+lKDCLHPQQxd1C3ME:BjyBH05YeId1bmXtpW85rTl3jrLE

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9982

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 62626.selection_tools.alt001.no.exe has been seen being distributed by the following URL.
