» blockyoutubeadssetup15.exe
Overview
Analysis
File Details

blockyoutubeadssetup15.exe

NCIS Technologies Ltd.

The application blockyoutubeadssetup15.exe by NCIS Technologies has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

Publisher:

NCIS Technologies Ltd. (signed and verified)

MD5:

f793dcb81dde0c0d153ff65a24e7f316

SHA-1:

c00b7ffdbe0d46c8a9e5607a24132aded3e3c94f

SHA-256:

2d0813d53f9fa080b1d03cbaec81d2a88577635cca9061ca071280f0c2014c1a

Scanner detections:

11 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 12:52:13 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Adware.MarketScore

7.1.1

Avira AntiVirus

ADSPY/NaviPromo.J

7.11.90.156

avast!

Win32:PUP-gen [PUP]

2014.9-160414

AVG

RelevantKnowledge

2017.0.2773

Bitdefender

Adware.Relevant.BH

1.0.20.525

Comodo Security

ApplicUnwnt.Win32.AdWare.RK.~E

16596

Dr.Web

Adware.Relevant.81

9.0.1.0105

ESET NOD32

Win32/Adware.RK.AQ

10.8571

G Data

Adware.Relevant.BH

16.4.22

Malwarebytes

PUP.Adware.RelevantKnowledge

v2016.04.14.05

VIPRE Antivirus

Wajam

19612

File size:

825 KB (844,784 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\blockyoutubeadssetup15.exe

Digital Signature

Signed by:

NCIS Technologies Ltd.

Authority:

VeriSign, Inc.

Valid from:

12/17/2012 5:00:00 PM

Valid to:

12/18/2013 4:59:59 PM

Subject:

CN=NCIS Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCIS Technologies Ltd., L=New York, S=New York, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

585C0AB9FDA6AAF250B85A01CC89A67D

File PE Metadata

Compilation timestamp:

12/5/2009 3:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:bZ2lYq6T5dayO0E6F9MCl+SvKmFwS4hn/040pCOf0eFrggMlwcdr0zAb:bZtVT5gzgblFfUn/04mNObdzb

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9040

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove blockyoutubeadssetup15.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.