cbsidlm-cbsi183-spotify-seo-10912348.exe

CBS Interactive

This installer uses the CNET Download.com download manager (private label) in order to provide monetized offerings to end users. These offers could include ad-supported toolbars or various web browser extensions. The application cbsidlm-cbsi183-spotify-seo-10912348.exe by CBS Interactive has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. Additionally, the file is typically installed by a number of programs including PDF Reader for Windows 7 by PDFLogic Corporation and Tweaking.com - Windows Repair by Tweaking.com. The installer utilizes the OpenCandy pay-per-install (PPI) platform to offer various adware toolbars and extensions during download and installation.
Publisher:
CNET Download.com  (signed by CBS Interactive)

Product:
CNET Download.com

Version:
5, 4, 0, 183

MD5:
609b83259466f78ec2014119b22100f8

SHA-1:
23b050563a81a1c57daba7805b1e3e6b4c874f2b

SHA-256:
b65a6a814914a8a94dbfeee228f70009bdfef18a3a76692ffe0234b789a3a9a7

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The installer is a co-bundle distribution utility that might contain adware or various unwanted programs. While the software it is providing is typically clean, some of the download manager offers could be classified as unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 12:55:31 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Downloader | 2014.02.23
ESET NOD32 | Win32/CNETInstaller (variant) | 8.9457
McAfee | Artemis!609B83259466 | 5600.7211
Reason Heuristics | Bundler.PPI.CBSInteractive.e | 14.8.1.0
Trend Micro House Call | TROJ_GEN.F47V0220 | 7.2.53
VIPRE Antivirus | Opencandy | 26726

File size:
909.1 KB (930,952 bytes)

Product version:
5, 4, 0, 183

Copyright:
Copyright (C) 2013

Original file name:
CNET Download.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\cbsidlm-cbsi183-spotify-seo-10912348.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/21/2013 5:00:00 PM

Valid to:
8/21/2015 4:59:59 PM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E4BA2EE1F4C2B3D88BE589DA3471167

File PE Metadata
Compilation timestamp:
2/18/2014 12:44:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:C9fsCZCJitAJ+SKsjIBJ4qZkYCk1iTX77xq6L86:C90ECita+S1jIsqZkjk1i/NZ

Entry address:
0x2256C0

Entry point:
60, BE, 00, 80, 54, 00, 8D, BE, 00, 90, EB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.9258  (probably packed)

Code size:
888 KB (909,312 bytes)

The file cbsidlm-cbsi183-spotify-seo-10912348.exe has been discovered within the following programs.

Airytec Switch Off  by Airytec
Publisher's description - “Switch Off is a lightweight easy-to-use tray-based system utility that could automatically shutdown, suspend or hibernate your system. This could cut your electricity bills and save the Environment by lowering your PC power consumption.”
www.airytec.com/switch-off
About 5% of users remove it
PDF Reader for Windows 7  by PDFLogic Corporation
www.pdfseven.com
About 8% of users remove it
TradeManager 2015  by Alibaba (China) Network Technology Co., Ltd.
About 2% of users remove it
www.tweaking.com
About 7% of users remove it
 

The file cbsidlm-cbsi183-spotify-seo-10912348.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 1,408 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to phx1-rb-api-wax-web-lb.cnet.com  (64.30.224.89:80)
