additionaloffers-setup.exe

Groovecom

The application additionaloffers-setup.exe by Groovecom has been detected as adware by 23 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.downloadmanager149.com and multiple other hosts.
Publisher:
Groovecom  (signed and verified)

Product:
Groovecom

Version:
80.8.8.8035

MD5:
0b633e1b564e2cb83969d0fea3bf3ce6

SHA-1:
0aabc3c4bb9c2f7cccc25410eeabe38e7f2ebb41

SHA-256:
1152b996b6fd2d08276410f716909664dbe256bf43d8d0f8accdd45850770aa0

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/27/2024 4:21:50 AM UTC

Scan engine         Detection                                             Engine version
Lavasoft Ad-Aware   Gen:Variant.Application.Bundler.DownloadAdmin.4       372
Agnitum Outpost     Riskware.Agent                                        7.1.1
AVG                 Generic                                               2017.0.2850
Bitdefender         Gen:Variant.Application.Bundler.DownloadAdmin.4       1.0.20.140
Bkav FE             W32.HfsAdware                                         1.3.0.7383
Clam AntiVirus      Win.Trojan.Downloadadmin-248                          0.98/21511
Comodo Security     Application.Win32.DownloadAdmin.RP                    23688
Dr.Web              Trojan.Vittalia.1198                                  9.0.1.028
ESET NOD32          Win32/DownloadAdmin.P potentially unwanted (variant)  10.12650
Fortinet FortiGate  Riskware/DownloadAdmin                                1/28/2016
F-Secure            Gen:Variant.Application.Bundler                       11.2016-28-01_5
G Data              Gen:Variant.Application.Bundler.DownloadAdmin         16.1.25
IKARUS anti.virus   PUA.DownloadAdmin                                     t3scan.1.9.5.0
K7 AntiVirus        Adware                                                13.212.18012
McAfee              Artemis!AD8E3B6ACF3E                                  5600.6506
MicroWorld eScan    Gen:Variant.Application.Bundler.DownloadAdmin.4       17.0.0.84
Panda Antivirus     Trj/Genetic.gen                                       16.01.28.07
Qihoo 360 Security  HEUR/QVM10.1.Malware.Gen                              1.0.0.1077
Reason Heuristics   PUP.DownloadAdmin.Groovecom.Installer (M)             16.1.28.19
Rising Antivirus    PE:Adware.DownloadAdmin!1.A243 [F]                    23.00.65.16126
SUPERAntiSpyware    PUP.DownloadAdmin/Variant                             9357
VIPRE Antivirus     Trojan.Win32.Generic                                  45536
Zillya! Antivirus   Adware.BrowseFox.Win32.191000                         2.0.0.2539

File size:
870.7 KB (891,624 bytes)

Product version:
80.8.8.8035

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\additionaloffers-setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/12/2015 3:18:38 AM

Valid to:
9/11/2016 2:39:55 AM

Subject:
CN=Groovecom, O=Groovecom, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A5A543D1F82F75E7

File PE Metadata
Compilation timestamp:
11/4/2014 1:12:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:HEWiVa0Q0QNttyiAQZbD4rRfZy/RvaIH:fiValp3yiAsbD4rNZy/U

Entry address:
0x2026

Entry point:
E8, D5, B8, 00, 00, E9, D3, B1, 00, 00, FF, 25, B0, 40, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, F4, F1, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 44, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00...

Entropy:
7.9690  (probably packed)

Code size:
52.5 KB (53,760 bytes)

The file additionaloffers-setup.exe has been seen being distributed by the following 5 URLs.
