home

bundle.exe

YBR INTERNET LTDA

The application bundle.exe by YBR INTERNETA has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
YBR INTERNET LTDA  (signed and verified)

MD5:
617e9a160b8150b48712228487c70f55

SHA-1:
68ae520ada27ecc5c3feef7f13f21a62f850bf84

SHA-256:
3911a85c9bd19faf76b07bbe6afad490f677c8a3ea774af21a8cdb3b188ea79a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/27/2024 7:14:58 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.16.0

File size:
1.5 MB (1,546,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pc mega rapido pro 2.1\bundle.exe

Digital Signature
Signed by:
YBR INTERNET LTDA

Authority:
The USERTRUST Network

Valid from:
8/16/2010 9:00:00 PM

Valid to:
8/17/2011 8:59:59 PM

Subject:
CN=YBR INTERNET LTDA, O=YBR INTERNET LTDA, STREET="AV LUIZ TARQUINIO, 56 - SL 104", STREET=EMPRESARIAL MAFFER CENTER, L=LAURO DE FREITAS, S=Bahia, PostalCode=42700-000, C=BR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0B262473E2D1F7A61E9571F919FE2699

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x8E9C0

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, E0, E4, 48, 00, E8, EF, 7A, F7, FF, 8B, 1D, A4, 14, 49, 00, 8B, 03, E8, 0A, 3F, FD, FF, 8B, 03, BA, 38, EA, 48, 00, E8, F6, 3A, FD, FF, 8B, 0D, 74, 15, 49, 00, 8B, 03, 8B, 15, 5C, D3, 48, 00, E8, 03, 3F, FD, FF, 8B, 0D, 24, 16, 49, 00, 8B, 03, 8B, 15, 00, DE, 48, 00, E8, F0, 3E, FD, FF, 8B, 0D, E0, 14, 49, 00, 8B, 03, 8B, 15, 6C, D0, 48, 00, E8, DD, 3E, FD, FF, 8B, 03, E8, 56, 3F, FD, FF, 5B, E8, A4, 56, F7, FF, FF, FF, FF, FF, 27, 00, 00, 00, 50, 43, 4D, 45, 47, 41, 52, 41...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
567 KB (580,608 bytes)

Remove bundle.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.