blubstersetup.exe

The application blubstersetup.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts. While running, it connects to the Internet address ip-184-168-221-96.ip.secureserver.net on port 80 using the HTTP protocol.
MD5:
3945120eadc697bb2dc5bf9bd0922e9d

SHA-1:
432aad4a94daae2d0a384d0844893d56ecec13ae

SHA-256:
360a8f93b10c04994700f8d02651c5c93c6928313f8e8cd67e5984cc5b7afbd6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:40:18 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Packed.Unknown | 19306
ESET NOD32 | Win32/Toolbar.Widgi | 8.10310
Malwarebytes | PUP.Optional.DealioTB.A | v2014.08.30.08

File size:
6.7 MB (7,005,388 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\blubstersetup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:MWhU6HUsC5lt4cHre9fiQs+O4Z1EQHHixnE+jXHwg:7UkUL5H4IAO4Z1DEE4XHR

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file blubstersetup.exe has been seen being distributed by the following 21 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-184-168-221-96.ip.secureserver.net  (184.168.221.96:80)