home

burgershop2__6771_i1216353532_il4481.exe

Wilmaonline LTD.

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application burgershop2__6771_i1216353532_il4481.exe by Wilmaonline has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from mobk2.adk2x.com. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Wilmaonline LTD.  (signed and verified)

Version:
1.1.5.55

MD5:
445ef01a1c80e1b904e5608d94581b70

SHA-1:
b436992ca994c6fdaf5168096f1e10685eafc419

SHA-256:
8f1b5ea9ef220cc74b78fc26e82b65d578789b7a8e79df1e92fa027127a9b071

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/16/2024 4:54:39 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Brightcircle.Wilmaonl.Bundler (M)
16.6.26.6

File size:
438.2 KB (448,704 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\burgershop2__6771_i1216353532_il4481.exe

Digital Signature
Signed by:
Wilmaonline LTD.

Authority:
Thawte, Inc.

Valid from:
7/6/2014 9:00:00 PM

Valid to:
8/6/2015 8:59:59 PM

Subject:
CN=Wilmaonline LTD., O=Wilmaonline LTD., L=Raanana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B7DF4C242BFBB654DA05B78A86926AA

File PE Metadata
Compilation timestamp:
8/8/2014 12:14:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:JVV0zJWDkTZAp42QtfRU1dGqTbLV5xZl0KR:FwTZAp2t+1dJbLV5XR

Entry address:
0x10FBF

Entry point:
E8, E2, 56, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 4E, 3A, 00, 00, 75, 18, E8, F5, 2E, 00, 00, 6A, 1E, E8, 3F, 2D, 00, 00, 68, FF, 00, 00, 00, E8, 37, F3, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 3C, 4E, 3A...
 
[+]

Code size:
100.5 KB (102,912 bytes)

The file burgershop2__6771_i1216353532_il4481.exe has been seen being distributed by the following URL.

http://mobk2.adk2x.com/click/Z0f5sfP8B_StXD9BFL5Gka8GxSqVSwelUM8Iojz3aAVNQoh75SufMc5zPViJPbgZjKcsaqLaD3O091V7jVEb30esd-VqYRS7L8eCROD8QhdQpPtYVcigNZ_4TyiVuj4sA35Ko73aKWfepCitO_yhdNZcQlU1cwKH4xcMijCzLHtnGKuE5Yn8lzUPHmRFUwJ05sauSIPeGIWvKF45m_C-xSin3cotU5bfQw_eS0JvZvYJEskZ-ahEl7MH9ao//http://www.freeplayflashgames.com/.../burgershop2-v2-dd.html?ver=1.1.1.72&epu=no&ci=6771&ti1=Z0f5sfP8B_StXD9BFL5Gka8GxSqVSwelUM8Iojz3aAVNQoh75SufMc5zPViJPbgZjKcsaqLaD3O091V7jVEb30esd-VqYRS7L8eCROD8QhdQpPtYVcigNZ_4TyiVuj4sA35Ko73aKWfepCitO_yhdNZcQlU1cwKH4xcMijCzLHtnGKuE5Yn8lzUPHmRFUwJ05sauSIPeGIWvKF45m_C-xSin3cotU5bfQw_eS0JvZvYJEskZ-ahEl7MH9ao

Remove burgershop2__6771_i1216353532_il4481.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.