bnd_100_9_2014515_1122.exe

Navigation

Navigation network co.,limited

The application bnd_100_9_2014515_1122.exe by Navigation network co.,limited has been detected as adware by 6 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from kisa2.net and multiple other hosts.
Publisher:
Navigation Co., Ltd.  (signed by Navigation network co.,limited)

Product:
Navigation

Version:
2.0.0.998

MD5:
85a01e498361898edb901a501f5ca4bd

SHA-1:
bd12fcd8ffe19f4a7db1cb8db84b1b2cba847aed

SHA-256:
8a3cebddc16daa650c481f41caccc78ed38b4fcfba88dc955d0d830be21dea2e

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/25/2024 3:54:54 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
ApplicUnwnt
18876

ESET NOD32
Win32/AdWare.Navegaki.A application
7.0.302.0

IKARUS anti.virus
PUA.Navegaki
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.PortalSepeti
v2014.08.13.06

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Reason Heuristics
PUP.Navigationnetworkcolimited.W
14.8.12.15

File size:
827.4 KB (847,224 bytes)

Product version:
2.0.0.998

Copyright:
Navigation Copyright (C) 2013

Original file name:
Navigation.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bnd_100_9_2014515_1122.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/19/2014 3:00:00 AM

Valid to:
2/20/2016 2:59:59 AM

Subject:
CN="Navigation network co.,limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Navigation network co.,limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2617E71F3DD61639E291AD2D048E1D8A

File PE Metadata
Compilation timestamp:
5/12/2014 1:12:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:858k+z/LGen68CTOUZCEJ4+aSXEag9gIE8W4p+uDCNdmqEuATuFG0xrUYO0G6HPh:87A6VCEJ4+vXEdM4IyNulG0q0G6HPh

Entry address:
0x3BEB3

Entry point:
E8, F6, BD, 00, 00, E9, 7F, FE, FF, FF, E9, 86, F5, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74, 13, 8B, 55, 0C, 85, D2, 74, 0C, 8B, 4D, 10, 85, C9, 75, 19, 33, C0, 66, 89, 06, E8, AA, 2C, 00, 00, 6A, 16, 5E, 89, 30, E8, E1, 72, 00, 00, 8B, C6, 5E, 5D, C3, 57, 8B, FE, 2B, F9, 0F, B7, 01, 66, 89, 04, 0F, 8D, 49, 02, 66, 85, C0, 74, 03, 4A, 75, EE, 33, C0, 5F, 85, D2, 75, DF, 66, 89, 06, E8, 75, 2C, 00, 00, 6A, 22, EB, C9, 55, 8B, EC, 83, EC, 10, 83, 7D, 10, 00, 8B, 4D, 08, 8B, 45, 0C, 53, 56, 57, 89, 4D...
 
[+]

Code size:
340.5 KB (348,672 bytes)

The file bnd_100_9_2014515_1122.exe has been seen being distributed by the following 8 URLs.

Remove bnd_100_9_2014515_1122.exe - Powered by Reason Core Security