adblock-plus.exe

Ultra Setup Manager

QUALITY SCORE SL

The application adblock-plus.exe by QUALITY SCORE SL has been detected as adware by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from offersrepo.com and multiple other hosts. While running, it connects to the Internet address ocsp.comodoca.com on port 80 using the HTTP protocol.
Publisher:
QUALITY SCORE SL  (signed and verified)

Product:
Ultra Setup Manager

Version:
3.4.21.679

MD5:
c9b389aebef4172ffd71954c55a6b987

SHA-1:
7ab06793d073de1d13b169236d765dfa4c10d9b3

SHA-256:
2da4f7540fc9a0faec216384ac7eef44ddbae5285530f71d8bae18a00e73e71d

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/25/2024 1:14:15 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.QUALITYSCORE | 15.4.8.14
Sophos | QualityScore | 4.98
VIPRE Antivirus | Iminent | 39170

File size:
153.9 KB (157,624 bytes)

Product version:
3.4.21.679

Copyright:
Copyright © 2015

Original file name:
i3KC.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adblock-plus.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/20/2015 1:00:00 AM

Valid to:
1/21/2016 12:59:59 AM

Subject:
CN=QUALITY SCORE SL, O=QUALITY SCORE SL, STREET=CALLE SERRANO 213, L=MADRID, S=MADRID, PostalCode=28016, C=ES

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AFDAFBF8A640E5E34B76A9CAFF494517

File PE Metadata
Compilation timestamp:
4/6/2015 7:19:51 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:x0tpLYOME78bqJbr+DhobzNTXAfPGvG/jrfzZW4tYHh1wc0aOc7zj:4pCE784bcWbzE/ohOv3cT

Entry address:
0x210DE

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
124.5 KB (127,488 bytes)

The file adblock-plus.exe has been seen being distributed by the following 19 URLs.

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=quran-auto-reciter-3-3.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=whatsapp-for-pc-free.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=goat-simulator.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=minecraft-forge.exe

http://offersrepo.com/downloads.php?signature=qualityscorei3&downloadName=navegador-gratis.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)
