atube_catcher_setup [25-4-2012].exe

aTube Catcher

DsNET Corp.

The application atube_catcher_setup [25-4-2012].exe by DsNET has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
DsNET Corp  (signed by DsNET Corp.)

Product:
aTube Catcher

Version:
2.9.909

MD5:
da4d276ecefb8be6fdafab524fb81bd2

SHA-1:
eee6ee845c9ff8855f1c260c02a52575727f7a1a

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
11/5/2024 4:49:15 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.9479

Malwarebytes
PUP.Optional.OpenCandy
v2014.05.01.02

Reason Heuristics
PUP.DsNET.aTube.Installer.Meta (M)
16.6.9.12

Rising Antivirus
PE:Trojan.VBInject!1.6546
23.00.65.14429

File size:
12.8 MB (13,405,584 bytes)

Product version:
2.9.909

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\documents and settings\mulder\bureaublad\atube_catcher_setup [25-4-2012].exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/8/2011 1:00:00 AM

Valid to:
3/8/2014 12:59:59 AM

Subject:
CN=DsNET Corp., O=DsNET Corp., STREET=Plan de Ayala M3 L30, STREET=Mexico Revolucionario, L=Ecatepec, S=Mexico, PostalCode=55266, C=MX

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009934C0F374A7790598E44428C2B46363

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:lcTfjSX40GoFuhYMLX2Ky9ZFrHWR4xGDAAy0M:wmXjGoFuVXbyRaaQDyL

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file atube_catcher_setup [25-4-2012].exe has been seen being distributed by the following 4 URLs.

http://dw.uptodown.com/dwn/rcpqTVR0L4p9w2tggjIAQ2KrUfwF3EooQXS10vRAsfHBjM6W3waic_eAz_kHa4E-B-8L75-Z7qfpwa34nwTFGYhcZo7qH8jXNKbjPDtTU03bJ8Q0SHQoUBFU8RUpCXLP/9ZiYCb5-otS8bjb82cuFXnEhZPskjUmF3ZAVSil4sEJYWwZ8wqLlDp5ualci9MK9DTZb4LTqaa20KUqzsLV5F6zGfWRqPKcHStqnbrefVyaXV1KQk80e8mImFU_Rc21d/.../

Remove atube_catcher_setup [25-4-2012].exe - Powered by Reason Core Security