beyluxe_setup521-25894356.exe

ProInstall Applications SRL

The application beyluxe_setup521-25894356.exe by ProInstall Applications SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.reporting-download.com.
Publisher:
ProInstall Applications SRL  (signed and verified)

MD5:
3e5e8d581d4d45687619f77abe79820b

SHA-1:
a8ddcbf5092bf5af1ff53f714fc427f0a59551eb

SHA-256:
c7338462dab126e6a69676acf7043dc088be486154eab08f490591a283a4547f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 11:50:31 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ProInstall (M)
16.7.18.15

File size:
210.5 KB (215,528 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\beyluxe_setup521-25894356.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/30/2014 3:00:00 AM

Valid to:
12/31/2015 2:59:59 AM

Subject:
CN=ProInstall Applications SRL, OU=iops, O=ProInstall Applications SRL, STREET="Bd Decebal 25-29, Et 9", STREET=Spatiul 9.1 Camera A, L=Bucuresti, S=Sector 3, PostalCode=030964, C=RO

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF972B5E3981E787C9DBFFB307AD7D02

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:5QpQ5EP0ijnRTXJd60suMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMHMMMMMMMMMMMMf:5QIURTXJdyvd4e3pdUR6jTCGI8Ujz0s

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
6.9387

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file beyluxe_setup521-25894356.exe has been seen being distributed by the following URL.

Remove beyluxe_setup521-25894356.exe - Powered by Reason Core Security