» adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe
Overview
Analysis
File Details
Downloads (1)

adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe

nuevos-programas.com Downloader

Cpc Net Advertising LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe by Cpc Net Advertising has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from cirepo.s3.amazonaws.com.

File name:

Publisher:

Cpc Net Advertising LLC (signed and verified)

Product:

nuevos-programas.com Downloader

Version:

1.0.5.42875

MD5:

ac67390aac66aaa757350614fbd637eb

SHA-1:

bd58fd45d0185f3b20b011915128bf82091189f3

SHA-256:

8fc4b4da5259325d199a1efb95e3e513d19470384f31c1932db2a01a86bb0c17

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/27/2024 1:16:57 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore.CpcNetAdvertising.Installer (M)

16.1.19.13

File size:

927.1 KB (949,320 bytes)

Product version:

1.0.5.42875

Original file name:

ClickOnceSetup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Language:

Language Neutral

Digital Signature

Signed by:

Cpc Net Advertising LLC

Authority:

thawte, Inc.

Valid from:

6/30/2015 5:00:00 PM

Valid to:

6/30/2016 4:59:59 PM

Subject:

CN=Cpc Net Advertising LLC, OU=IT, O=Cpc Net Advertising LLC, L=Wilmington, S=Delaware, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

2BC1DD7AA35DE89A0D5276ECD7AE32AF

File PE Metadata

Compilation timestamp:

8/3/2015 9:00:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:PywfG3L0GwHlaNK/0EbZ1G1rx5Dzhwh6IdO+/FkkR2/JqfwT2+pHTEsMJr2:PZf40GGaNK/bu1LXhwh6AO4F6xs8NTGy

Entry address:

0xDFE5E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8210

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

888 KB (909,312 bytes)

The file adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe has been seen being distributed by the following URL.

http://cirepo.s3.amazonaws.com/release/Downloaders/Adsearches/.../Adsearches_CHNL2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe

Remove adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.