bundle_flowsurfcb.exe

Chicago Blackhawks

Smart Marketyng Solyushynz, TOV

The application bundle_flowsurfcb.exe by Smart Marketyng Solyushynz, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.power-ful.xyz.
Publisher:
Chicago Blackhawks Ltd  (signed by Smart Marketyng Solyushynz, TOV)

Product:
Chicago Blackhawks

Description:
Philadelphia

Version:
3.6.12.2

MD5:
a13d064f15f1e41e7d7ffee56e3c7c6e

SHA-1:
254f0c23548551b2f1227a003f998cae0818c7a3

SHA-256:
6f602ac630655d18ecc3dbb48132011dea4c7f54e11eaf4b493222b51833875c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:48:39 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize.SmartMar (M)
16.4.28.1

File size:
297.5 KB (304,664 bytes)

Product version:
3.6.0.0

Original file name:
hawks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\setup wizard\0254556e-0ad2-4fde-aa3d-56c4b923fa98\bundle_flowsurfcb.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2016 2:00:00 AM

Valid to:
4/18/2017 1:59:59 AM

Subject:
CN="Smart Marketyng Solyushynz, TOV", OU=IT, O="Smart Marketyng Solyushynz, TOV", STREET="VUL.Strutynskogo, 8", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EF50BB663E4541D536358DB34EADA49

File PE Metadata
Compilation timestamp:
4/20/2016 10:11:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:C1MONY/b+wtzE7VzTqLvTQ5qQzINxP1eW/f8KaE0aNw:nWYySIpTqLreqgKaEDw

Entry address:
0x3A1D

Entry point:
E8, 7D, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, ED, 3B, 00, 89, 0D, A4, ED, 3B, 00, 89, 15, A0, ED, 3B, 00, 89, 1D, 9C, ED, 3B, 00, 89, 35, 98, ED, 3B, 00, 89, 3D, 94, ED, 3B, 00, 66, 8C, 15, C0, ED, 3B, 00, 66, 8C, 0D, B4, ED, 3B, 00, 66, 8C, 1D, 90, ED, 3B, 00, 66, 8C, 05, 8C, ED, 3B, 00, 66, 8C, 25, 88, ED, 3B, 00, 66, 8C, 2D, 84, ED, 3B, 00, 9C, 8F, 05, B8, ED, 3B, 00, 8B, 45, 00, A3, AC, ED, 3B, 00, 8B, 45, 04, A3, B0, ED, 3B, 00, 8D, 45, 08, A3, BC, ED, 3B...
 
[+]

Code size:
33 KB (33,792 bytes)

The file bundle_flowsurfcb.exe has been seen being distributed by the following URL.

Remove bundle_flowsurfcb.exe - Powered by Reason Core Security