» additionaloffers-setup.exe
Overview
Analysis
File Details
Downloads (5)

additionaloffers-setup.exe

Groovecom

The application additionaloffers-setup.exe by Groovecom has been detected as adware by 23 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.downloadmanager149.com and multiple other hosts.

File name:

Publisher:

Groovecom (signed and verified)

Product:

Groovecom

Version:

80.8.8.8035

MD5:

0b633e1b564e2cb83969d0fea3bf3ce6

SHA-1:

0aabc3c4bb9c2f7cccc25410eeabe38e7f2ebb41

SHA-256:

1152b996b6fd2d08276410f716909664dbe256bf43d8d0f8accdd45850770aa0

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:

11/27/2024 4:21:50 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.DownloadAdmin.4

372

Agnitum Outpost

Riskware.Agent

7.1.1

AVG

Generic

2017.0.2850

Bitdefender

Gen:Variant.Application.Bundler.DownloadAdmin.4

1.0.20.140

Bkav FE

W32.HfsAdware

1.3.0.7383

Clam AntiVirus

Win.Trojan.Downloadadmin-248

0.98/21511

Comodo Security

Application.Win32.DownloadAdmin.RP

23688

Dr.Web

Trojan.Vittalia.1198

9.0.1.028

ESET NOD32

Win32/DownloadAdmin.P potentially unwanted (variant)

10.12650

Fortinet FortiGate

Riskware/DownloadAdmin

1/28/2016

F-Secure

Gen:Variant.Application.Bundler

11.2016-28-01_5

G Data

Gen:Variant.Application.Bundler.DownloadAdmin

16.1.25

IKARUS anti.virus

PUA.DownloadAdmin

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.212.18012

McAfee

Artemis!AD8E3B6ACF3E

5600.6506

MicroWorld eScan

Gen:Variant.Application.Bundler.DownloadAdmin.4

17.0.0.84

Panda Antivirus

Trj/Genetic.gen

16.01.28.07

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1077

Reason Heuristics

PUP.DownloadAdmin.Groovecom.Installer (M)

16.1.28.19

Rising Antivirus

PE:Adware.DownloadAdmin!1.A243 [F]

23.00.65.16126

SUPERAntiSpyware

PUP.DownloadAdmin/Variant

9357

VIPRE Antivirus

Trojan.Win32.Generic

45536

Zillya! Antivirus

Adware.BrowseFox.Win32.191000

2.0.0.2539

File size:

870.7 KB (891,624 bytes)

Product version:

80.8.8.8035

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\additionaloffers-setup.exe

Digital Signature

Signed by:

Groovecom

Authority:

GoDaddy.com, Inc.

Valid from:

11/12/2015 3:18:38 AM

Valid to:

9/11/2016 2:39:55 AM

Subject:

CN=Groovecom, O=Groovecom, L=San Francisco, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00A5A543D1F82F75E7

File PE Metadata

Compilation timestamp:

11/4/2014 1:12:01 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:HEWiVa0Q0QNttyiAQZbD4rRfZy/RvaIH:fiValp3yiAsbD4rNZy/U

Entry address:

0x2026

Entry point:

E8, D5, B8, 00, 00, E9, D3, B1, 00, 00, FF, 25, B0, 40, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, F4, F1, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 44, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00... 
[+]

Entropy:

7.9690 (probably packed)

Code size:

52.5 KB (53,760 bytes)

The file additionaloffers-setup.exe has been seen being distributed by the following 5 URLs.

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&country=BD&cb=-1528259021&osName=unknown&browserName=unknown&zTmp=1&executable=1197925

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&country=EG&cb=-1996457908&osName=unknown&browserName=unknown&zTmp=1&executable=1197925

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&cb=413968809&osName=unknown&browserName=unknown&zTmp=1&executable=1197925

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&country=ID&cb=169035223&osName=unknown&browserName=unknown&zTmp=1&executable=1197925

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&country=ID&cb=1621095630&osName=unknown&browserName=unknown&zTmp=1&executable=1197925

Remove additionaloffers-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.