angry.bird.rar_977di.exe

FELT LTD

This is the bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application angry.bird.rar_977di.exe by FELT has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Winner Download Manager installer. The file has been seen being downloaded from lfd.tusoftware.org.
Publisher:
FELT LTD  (signed and verified)

Description:
installer.exe

Version:
1.0.0.1

MD5:
49430977342d99f5e81fc2f876a12f6c

SHA-1:
26361616251c39ad61f4d9d8a191fe6037021e6b

SHA-256:
be96152120c3b6449363df27f377c5178dadf477da0d8b9c61e397a98abcb3ce

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/29/2024 1:45:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TIMP (M)
16.8.3.11

File size:
2 MB (2,146,304 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Winner Download Manager

Common path:
C:\users\{user}\downloads\angry.bird.rar_977di.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/19/2014 6:00:00 AM

Valid to:
6/20/2015 5:59:59 AM

Subject:
CN=FELT LTD, O=FELT LTD, STREET=Dzerzhinskaya Street 16, L=Dzerzhinsky, S=Moscovskaya oblast', PostalCode=140090, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
31F9B93D116C600219FBC64B8D334372

File PE Metadata
Compilation timestamp:
10/2/2014 2:33:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:qBKDtqWB3J6iCReLFAWzD273ii+4OZ0pKVbyVp:mKDgWZYiZTs3r7OCpuyP

Entry address:
0x667F

Entry point:
55, 89, E5, 81, EC, C4, 00, 00, 00, 68, 11, 27, 40, 00, E8, 9A, 5B, 01, 00, 6A, 00, FF, 15, 08, 31, 43, 00, A1, 98, 70, 43, 00, 33, D2, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, 18, 0F, B6, 70, 0E, 0F, B6, 59, 0E, 2B, F3, DF, E0, F6, C4, 41, 7A, E6, 33, C0, 3B, 45, 08, 77, 15, C7, 45, B8, 00, 00, 00, 00, 8B, 45, B8, 89, 45, E8, 8B, 4D, 08, 0F, 94, C2, 8B, C2, 33, D2, 3B, D9, 74, 0E, 8B, 45, EC, 83, F8, FE, 74, 18, 89, 75, 98, 8D, 7D, D8, C7, 45, A8, 05, 00, 00, 00, 8B, 45, 98, C6, 40, 41, 00, 8D...
 
[+]

Code size:
200 KB (204,800 bytes)

The file angry.bird.rar_977di.exe has been seen being distributed by the following URL.

Remove angry.bird.rar_977di.exe - Powered by Reason Core Security