adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe

nuevos-programas.com Downloader

Cpc Net Advertising LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe by Cpc Net Advertising has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from cirepo.s3.amazonaws.com.
Publisher:
Cpc Net Advertising LLC  (signed and verified)

Product:
nuevos-programas.com Downloader

Version:
1.0.5.42875

MD5:
ac67390aac66aaa757350614fbd637eb

SHA-1:
bd58fd45d0185f3b20b011915128bf82091189f3

SHA-256:
8fc4b4da5259325d199a1efb95e3e513d19470384f31c1932db2a01a86bb0c17

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/5/2024 1:40:32 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore.CpcNetAdvertising.Installer (M)

Engine version:
16.1.19.13

File size:
927.1 KB (949,320 bytes)

Product version:
1.0.5.42875

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/30/2015 5:00:00 PM

Valid to:
6/30/2016 4:59:59 PM

Subject:
CN=Cpc Net Advertising LLC, OU=IT, O=Cpc Net Advertising LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2BC1DD7AA35DE89A0D5276ECD7AE32AF

File PE Metadata
Compilation timestamp:
8/3/2015 9:00:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:PywfG3L0GwHlaNK/0EbZ1G1rx5Dzhwh6IdO+/FkkR2/JqfwT2+pHTEsMJr2:PZf40GGaNK/bu1LXhwh6AO4F6xs8NTGy

Entry address:
0xDFE5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8210

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
888 KB (909,312 bytes)

The file adsearches_chnl2_1.0.5.a0.1_42875_131_cpc5july_stub_d2.exe has been seen being distributed by the following URL.