ad-aware-11.exe

Ultra Setup Manager

QUALITY SCORE SL

The application ad-aware-11.exe by QUALITY SCORE SL has been detected as adware by 7 anti-malware scanners. The file has been seen being downloaded from offersrepo.com and multiple other hosts.
Publisher:
TIK  (signed by QUALITY SCORE SL)

Product:
Ultra Setup Manager

Version:
3.5.33.763

MD5:
d7de08868828dd0d6f4d62c0bc31c2bc

SHA-1:
8efcd6e3e6b89ace80afc0a784cd1875b723e976

SHA-256:
37ea5d80e17b807e2707ea1d23f406ddc44a79339f131b02c2c7067e1db506d9

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/25/2024 1:23:25 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/Colooader.354744 | 8.3.1.6 |
| Dr.Web | Adware.Colooader.7 | 9.0.1.0171 |
| Panda Antivirus | PUP/Multitoolbar | 15.06.20.03 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.QUALITYSCORE.Installer (M) | 15.6.19.23 |
| Trend Micro House Call | Suspicious_GEN.F47V0618 | 7.2.171 |
| VIPRE Antivirus | Iminent | 41284 |

File size:
346.4 KB (354,744 bytes)

Product version:
3.5.33.763

Copyright:
Copyright © 2015

Trademarks:
TIK

Original file name:
i3KC.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ad-aware-11.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/20/2015 11:00:00 AM

Valid to:
1/21/2016 10:59:59 AM

Subject:
CN=QUALITY SCORE SL, O=QUALITY SCORE SL, STREET=CALLE SERRANO 213, L=MADRID, S=MADRID, PostalCode=28016, C=ES

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AFDAFBF8A640E5E34B76A9CAFF494517

File PE Metadata
Compilation timestamp:
6/19/2015 1:38:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:JkbE04N95gfumV2BEudQ1hZEfEim5tN17kjz82APU0TWmmk0DexAqwtCWnQdcP:ip4N95gfuasEim5tN17kjz82APFTWmmX

Entry address:
0x513BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 90, 00, 00, 80, 18, 00, 00, 00, C0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9582

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
317 KB (324,608 bytes)

The file ad-aware-11.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 58 download URLs
