cbsidlm-cbsi188-undelete_navigator-org-75854797.exe

CBS Interactive

This installer uses the CNET Download.com download manager (private label) in order to provide monetized offerings to end users. These offers could include ad-supported toolbars or various web browser extensions. The application cbsidlm-cbsi188-undelete_navigator-org-75854797.exe by CBS Interactive has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. Additionally, the file is typically installed by a number of programs including Toolwiz BSafe by ToolWiz and Mz StartUp Manager by Mz Ultimate Tools by Michael Zacharias.
Publisher:
CNET Download.com  (signed by CBS Interactive)

Product:
CNET Download.com

Version:
5, 4, 0, 188

MD5:
122e0fe0bd52d264ffb874e538114473

SHA-1:
19876b0c21073ce7ac4725124851fc36b7ea7301

SHA-256:
3706b20574f1aff6f103b9ba085f54c95e78ae70a26f90baa59aa212b08480b4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The installer is a co-bundle distribution utility that might contain adware or various unwanted programs. While the software it provides is typically clean, some of the download manager offers could be classified as unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 12:06:06 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/CNETInstaller (variant) | 8.9654 |
| Reason Heuristics | Bundler.PPI.CBSInteractive.p | 14.8.1.0 |
| Trend Micro House Call | TROJ_GEN.F47V0408 | 7.2.99 |

File size:
907.6 KB (929,416 bytes)

Product version:
5, 4, 0, 188

Copyright:
Copyright (C) 2013

Original file name:
CNET Download.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\cbsidlm-cbsi188-undelete_navigator-org-75854797.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/22/2013 7:00:00 AM

Valid to:
8/22/2015 6:59:59 AM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E4BA2EE1F4C2B3D88BE589DA3471167

File PE Metadata
Compilation timestamp:
3/20/2014 7:06:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:tGiUKDDpPJ+/rX1aUZ0xlNwqg+wJROS6Fk:tGiUSdR+4Nx/wFB3OPF

Entry address:
0x225010

Entry point:

Entropy:
7.9255

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
888 KB (909,312 bytes)

The file cbsidlm-cbsi188-undelete_navigator-org-75854797.exe has been discovered within the following programs.

Mz StartUp Manager  by Mz Ultimate Tools by Michael Zacharias
www.mztweak.com
47% remove it
Toolwiz BSafe  by ToolWiz
www.Toolwiz.com
About 9% of users remove it

The file cbsidlm-cbsi188-undelete_navigator-org-75854797.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 3,203 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to phx1-rb-api-wax-web-lb.cnet.com  (64.30.224.89:80)

TCP (HTTP):
Connects to phx1-dw-cbsi-xw-lb.cnet.com  (64.30.224.172:80)

TCP (HTTP):
Connects to a88-221-212-81.deploy.akamaitechnologies.com  (88.221.212.81:80)

TCP (HTTP):
Connects to a184-51-198-123.deploy.static.akamaitechnologies.com  (184.51.198.123:80)