angry birds provided through ads med network cpa.exe

SuperInstall

LiveSoftAction

The program utilizes the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application angry birds provided through ads med network cpa.exe by LiveSoftAction has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. The file has been seen being downloaded from stapi.maxrevinstaller.com.
Publisher:
Live Soft Action S.R.L.  (signed by LiveSoftAction)

Product:
SuperInstall

Version:
8.50.4.1

MD5:
423f0b0cd7d7c16ad1e310f2e656046f

SHA-1:
069dfde4470443e26b72a166269ae08cba4de3c7

SHA-256:
ac6d6fedf347e8dd1bdee4842ad3b4275299a173404254ebe1d16e30b8f3a373

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer that uses Appscion to bundle adware.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 7:14:50 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sien (M)

Engine version:
17.3.7.16

File size:
682.4 KB (698,728 bytes)

Product version:
8.50.4.1

Copyright:
(c) Live Soft Action S.R.L. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\angry birds provided through ads med network cpa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/13/2013 5:30:00 AM

Valid to:
12/14/2014 5:29:59 AM

Subject:
CN=LiveSoftAction, O=LiveSoftAction, STREET="Str. Dionisie Lupu, Nr. 64-66, Et.", L=Bucharest, S=Bucharest, PostalCode=010458, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2CAFD284C3B4147AD3E7601989FCCF42

File PE Metadata
Compilation timestamp:
12/11/2014 8:57:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x197E70

Entry point:
60, BE, 00, 60, 50, 00, 8D, BE, 00, B0, EF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.8947

Packer / compiler:
UPX 2.90LZMA

Code size:
588 KB (602,112 bytes)

The file angry birds provided through ads med network cpa.exe has been seen being distributed by the following URL.

http://stapi.maxrevinstaller.com/api/.../setup.exe