home

atube-catcher-3-8-7980-32-bits.exe

SD Internetworks Ltda.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application atube-catcher-3-8-7980-32-bits.exe by SD Internetworksa has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.baixakidownloadfiles8.com and multiple other hosts.
Publisher:
SD Internetworks Ltda.  (signed and verified)

MD5:
31f973b402c3448bca04c4c41da7a341

SHA-1:
c3ce553ebdf5b2ead2e5f32b3db56ef0634e5b7d

SHA-256:
2619f2a0468acba14b4499ff6c84ac4a78149eee7a6d2017f54546eb78c5b7a1

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/27/2024 7:30:02 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.179.162

AVG
Generic
2015.0.3306

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.141030

Comodo Security
TrojWare.Win2k.InstallCore.~QC
19852

ESET NOD32
Win32/InstallCore.QC (variant)
8.10587

Fortinet FortiGate
Riskware/InstallCore
10/30/2014

F-Prot
W32/InstallCore.AC.gen
v6.4.7.1.166

K7 AntiVirus
Trojan
13.184.13727

Malwarebytes
PUP.Optional.InstallCore
v2014.10.30.06

McAfee
Artemis!31F973B402C3
5600.6962

Reason Heuristics
PUP.SDInternetworksa.EE
14.11.3.21

Sophos
Install Core Click run software
4.98

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34072

File size:
669.4 KB (685,464 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\atube-catcher-3-8-7980-32-bits.exe

Digital Signature
Signed by:
SD Internetworks Ltda.

Authority:
Thawte, Inc.

Valid from:
9/16/2014 9:00:00 PM

Valid to:
9/17/2015 8:59:59 PM

Subject:
CN=SD Internetworks Ltda., OU=IT, O=SD Internetworks Ltda., L=Sao Paulo, S=Sao Paulo, C=BR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3B7B9F2EB09EB829AB8566A2227989A4

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:C0vpehJqZYjPS78hAGkl9ivgkK8UZ955UKl08b2eU:C0vkhVuAhAGikgkKXZT64BU

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file atube-catcher-3-8-7980-32-bits.exe has been seen being distributed by the following 19 URLs.

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-62-71-4102017.exe

http://d.baixakifiles2.com/?ic_user_id=254&data=F0N1UmEJrwyzFQbohCt0RQoE 1snIOqf60aFpgwdlTYXieDIidn 0i6NBrFsTaIXm5 M9uEbYpE0E36E9Eg6cV1rvz7Q4ZGTrMepi6valX9EMr06v4R3zzn90G/WecPUfhlp3LMOlWUzrmuoVB bXTRoob8QBoOXF0bt9fgNtbaRqMu8CfmrMiAhuTaZzscjxP3sou4ZVrQVrrJg TH/Uj5Lu6seYVXVSYIeBPFghnJ1WQDLgeNrHF2DodK3NOMZDB6UMdPcErmCwNFhsIhwxJxSQJvvFgDpZQe6RjThqH AcHqhwBBIR1eh4Vbw//3cDFcg3FUJvp0IvGsfYCpDkJxALBP1/o3jbgkC/DLLILYwTfQdkZED gGAbiz39zH0DqpEzH yJb5RW0fdfKFoJSzmN3fVJT031z7loL1ed5AVfbs8TJjTcrC0D8x63O4MpHUQqqTw5VfOh9f5ca0LyZyHB0PH53ZydI/VT64sbCUkEN5eA/uIWwefyKtYA5WVUtqPZMx RONKJo3wzcPUrOTekgDjqw6999SgXtbjtge3NWcaxpM8j9UomjApYLAHeIu1vUZWsgPiHgQ7jiec4uEEEmz1Ly75F/WoVBQHjqfyZrwqyduMdaruQrH2fXQEvryRYIDROWZLiLdb8nKr9CteE7SNHCaRRflavtOmH6WuydPXD3xWxw4JUFAqOrXujy2vphaUQMyOECaVBj1dTaxeQWXS/I82sZUMzNLeODakRwY44fBY8jJTPQqDdL4S7hQ7YCkU0y0tQy9MCjptOgIfq/.../VJV6yRMhy

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-73-81-4102017.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-83-61-4102016.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-74-91-4102019.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-74-12-4102018.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-63-41-4102017.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-75-32-4102019.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-23-12-4102019.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-53-71-4102017.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-9-02-4102016.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-13-21-4102016.exe

http://d.baixakifiles2.com/?ic_user_id=254&data=4d RfB3hNO3Np0IOLJFnZtCOGCA3VGeirCOpR6aPCitIC4cLN1NXg4IkUg5ptwtu2jVLwqb19Ti8Y0iuJ3hNaVNBYeHdFVSlScTg2psrjE8jGtV6ozJMm79zMEjs6Va8WtEohDwlXHyp4gppQlcmsW6EDryb2N1984Y7BVoI7ktaBxWZgNjgDKNdWctz1 GD/5Qgfjw/zwqO DZ1gpRJFojxyRsUm4NOToXnDBQk41h1oeyzQsdD47 mq9Hh8ZS5a96CSGBXd2RcSbfCBTyXwq/OsZz4dPe9K806sY7acd4dl4Zb3kT2O65bQNTjlfEhjFB eLAENYWcwOb4OJkha8u731hMIdpj3G2zAK1EJ OmdHoLlkFFrycwzohqocCVAJRtceC23nRoCXSH2wqhdRnNnJg0W5oLBGh3p90d0hb6oySk037owpFCY vrUCSxLd6pUmdvOk89bldofVfYov qygkOARGgnZyGOV/8Uji9D4AOF0cjIwboOowwFqfOKKo6YSQijhWfLJQKLPYkEsqleDnm56M54l0k/w20X9L82jxrScYfvHwFpg3I6nKi7LFv76mZ1Jx9kj8AzvLcETz4hplKt oE61zyQco4ydj ah5haWAMy96BilkIjJNaKAdHURNE r9H1fquSmg qUk5JF5ZGu8OHhFLemUDikrGV6d4Bk3M8PAxJcM8BpkWtlCOvfidOCYWi2rXmBd7d8u6WxdlRz2QH/DRHnRMPMrUBSSDd2x55xyQny47TSnBNwG5YyYx44Yq8zwn9BnYjGOBNeTpwKGs3sU=&key=qDFjX9dzhhTiiuWvzvrAs1Z6rd7Ky8DQsfiNxPTYGroLgFTpGY1pssh6CaEJn/.../QYPuA27nCGok1SUMsA 7i0 VUbSu94paC2Ml WkC7vNMPmui0vXaDtwPUA

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-95-61-4102018.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-64-11-4102019.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-9-71-4102017.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-24-22-4102016.exe

http://www.baixakidownloadfiles8.com/nocache/programas/urls/iron/.../atube-catcher-11-02-4102019.exe

http://d.baixakifiles2.com/?ic_user_id=254&data=yw2ZYVEqwjk5cmFTARDZdlKcTGp4jA6wpqodekY1u6Kr/isBoFMUsJ70CNRNJBRvK6/wPD9EQdh4LlEw/7 29jq/cRRcTdV8EgQZWp/8slp wy7Nn7Mfbtv1nAW2bvO6mAksee8H1oR6OElxLD Sf76p 4KVtKfYUhpCs6AOwxv8Z1I5Shz3aF3BL0rPdGhC4lm1L/YzquBJIUEZKAVZfUdRIyq2PmWnrs9jFHREq81I2hA8m44a9MiwCxKZsvzFl3Y6zoaHfN1mqAeoE9SwqCkRc6uXsyshvIK3aTzf10ZQ21/iLRdxErZje/evmI3qlmcsvmzfd6AXpah0Ft8lInMvh85QG2mTURUvFAK23/ierFv12B1nsX7dfab6KsLumOPWMZ63SW985uzZNaagH65dLGOB9LpsibNxBm9MFnLvTnvVR90uRGSs vesJoOXOhX0Qs7taAKvjIC/S6DSN34YI9jn4w8BNjxG0EXC41UF7IJ3Vq6zpIeM2rPYxHLpsKliMLsU UI4EGMjIHb9FaqvL1R7YBEFSTPRyG4fyRXmDGYQ3HOlT6gsMsSEbths42dxHYRllYcm6gt44XGl9kiWHnTk38zVn3BTCYIrKmYTnyv9N7pNPU4YppnmDi BwDwhHxwETS6TthlHyi8vAejmPydsdlLb2VlKNncnBTFaJ4ofPX/fRC7aiupjszy5nGS5xxjNA3XNlWo7HdnQAzqlPdJo1daYIL7HufMBlHunXl31zChyab1mOCEj8uBpWXxh84o63GLXK6VeNw1QOkt8ub 3DVYeAw=&key=LHF8D02YYmDHc0 BS/.../nZnFKf55ZQB8mS

Remove atube-catcher-3-8-7980-32-bits.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.