home

adblock-plus.exe

The application adblock-plus.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from tmpfile474.s3.amazonaws.com.
MD5:
0bd60ae11298d6fa6959c631a1e1f2e3

SHA-1:
e593f02e5abca30dea013f4821d7ccb8601d1cfb

SHA-256:
43c50260bf0ab23694234cc26c1dfc4705f451f6af58cb2051cd8b1e516e8a62

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 4:39:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Bundler (M)
16.3.8.21

File size:
799.8 KB (818,944 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\adblock-plus.exe

File PE Metadata
Compilation timestamp:
5/14/2023 4:36:32 PM

OS version:
0.17741

OS bitness:
Win64

Linker version:
52.46

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:3XGh7gue4GRqitsvOFe29XofwJG8bOEk9Oo9ChXr2gh83SD32+yFBkL1k3:nGhgue4cKvOFZYoJGGeiq08CK+y8LA

Entry address:
0x14

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 27, 8B, A8, 42, F6, 93, 41, 26, 50, 7E, 0C, 00, 18, 49, 0D, 00, 15, 00, 00, 00, 61, 64, 62, 6C, 6F, 63, 6B, 70, 6C, 75, 73, 2D, 32, 2E, 32, 2E, 34, 2E, 78, 70, 69, 00, 3F, 2C, C0, D3, 50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 5A, 7F, A8, 42, E4, D8, 0F, 30, F2, 0A, 00, 00, B9, 0F, 00, 00, 14, 00, 00, 00, 4D, 45, 54, 41, 2D, 49, 4E, 46, 2F, 7A, 69, 67, 62, 65, 72, 74, 2E, 72, 73, 61, CD, 57, 79, 54, 53, 47, 17, E7, BD, 17, 12, 21, 84, 18, 96, A0, 28, 18, 16, 05, 65, 9B...
 
[+]

Entropy:
7.9995  (probably packed)

Code size:
6.6 MB (6,910,072 bytes)

The file adblock-plus.exe has been seen being distributed by the following URL.

https://tmpfile474.s3.amazonaws.com/download77/ic_trackings/9438/.../adblock-plus.exe

Remove adblock-plus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.