742_woodsmaster_30-06_for_sale_downloader.exe

PileFile downloader

LADY'S WOOD 2013 LIMITED

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 742_woodsmaster_30-06_for_sale_downloader.exe by LADY'S WOOD 2013 LIMITED has been detected as adware by 11 anti-malware scanners. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from www.sharfiles.com and multiple other hosts. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
LADY'S WOOD 2013 LIMITED  (signed and verified)

Product:
PileFile downloader

Version:
1,0,1,2270

MD5:
facf074ca6ec46c5c6da8e471affa1c6

SHA-1:
521e1aa100d6748453189f7434ac373c9a414ede

SHA-256:
e18c0f22f302bf0a34fd1e44552538ac7ad56d4bc719b72a0c1810614d8ed317

Scanner detections:
11 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup. Distributed through the Brightcircle investments brand.

Analysis date:
12/28/2024 10:21:24 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen
7.11.135.160

avast!
Win32:Adware-gen [Adw]
2014.9-150204

AVG
MalSign.Generic
2016.0.3208

ESET NOD32
Win32/BundleInstaller (variant)
9.9516

Fortinet FortiGate
W32/Agent.PFR!tr
2/4/2015

IKARUS anti.virus
Trojan-Dropper.Agent
t3scan.2.2.29

McAfee
PileFile!FACF074CA6EC
5600.6864

nProtect
Adware/W32.Agent.5175736
14.03.07.02

Reason Heuristics
PUP.LADYSWOOD2013
15.2.4.14

Rising Antivirus
PE:PUF.FilePile!1.9E19
23.00.65.15202

VIPRE Antivirus
PileFile Downloader
27186

File size:
4.9 MB (5,175,736 bytes)

Product version:
1,0,1,2270

Copyright:
Copyright 2013

Original file name:
Oxy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\742_woodsmaster_30-06_for_sale_downloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/27/2014 6:00:00 PM

Valid to:
1/28/2015 5:59:59 PM

Subject:
CN=LADY'S WOOD 2013 LIMITED, O=LADY'S WOOD 2013 LIMITED, STREET=COMMUNICATIONS HOUSE, STREET=DEAN ROAD YATE, L=BRISTOL, S=SOUTH GLOUCESTERSHIRE, PostalCode=BS37 5NR, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F93831D83C5CE9CF3BB3658BA83359DB

File PE Metadata
Compilation timestamp:
2/26/2014 8:44:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:Wo7bh9KwmsGGrHc8Dg+gldowRMsC6NEPoBKc:WoXesnNUdHR36SKc

Entry address:
0xAA340

Entry point:
E8, 2A, 71, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, DC, 06, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, C4, 54, 4E, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 66, 71, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, D0, A4, 4A, 00...
 
[+]

Entropy:
6.8660

Code size:
762 KB (780,288 bytes)

The file 742_woodsmaster_30-06_for_sale_downloader.exe has been seen being distributed by the following 2 URLs.