cnet2_pazera_free_video_to_ipod_converter_zip.exe

CNET Download.com Installer

CBS Interactive

The application cnet2_pazera_free_video_to_ipod_converter_zip.exe, “CNET Download.com Install” by CBS Interactive has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from software-files-l.cnet.com.

Publisher:
CNET Download.com  (signed by CBS Interactive)

Product:
CNET Download.com Installer

Description:
CNET Download.com Install

Version:
v2.0.2.108

MD5:
469f61e385be2af27c41ad6fb2ecf530

SHA-1:
d70a4645230d3885b66a6c5c2d1b9cf0f26ade1b

SHA-256:
0b0a5fe25af4957f3a72ca6cbd37e34a4b279ecbf0ce90a1e32c8562a8d242b9

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 2:06:30 AM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.Gen
8.3.1.6

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Downware.130
9.0.1.05190

ESET NOD32
Win32/InstallCore.D potentially unwanted application
7.0.302.0

F-Prot
W32/InstallCore.I.gen
v6.4.7.1.166

G Data
Win32.Application.Dealply
15.6.25

NANO AntiVirus
Riskware.Win32.InstallCore.dakpwj
0.30.24.1636

Reason Heuristics
Bundler.PPI.Installer.CBS
15.6.2.20

SUPERAntiSpyware
PUP.CNETInstaller
9837

Vba32 AntiVirus
SScope.Malware-Cryptor.InstallCore.530A
3.12.26.4

VIPRE Antivirus
Threat.4150696
40786

File size:
452.2 KB (463,080 bytes)

Product version:
v2.0.2.108

Copyright:
CBS Interactive

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cnet2_pazera_free_video_to_ipod_converter_zip.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/4/2011 8:00:00 PM

Valid to:
8/4/2013 7:59:59 PM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
071A760107B4DE793CD48C0EDA1DF0B5

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:IGFP4rsBRjSLvxZqWPo3jTza+YoH34kc9dtjkvi:NJw4iloja+Yp9dtjkvi

Entry address:
0x101660

Entry point:
60, BE, 00, C0, 49, 00, 8D, BE, 00, 50, F6, FF, C7, 87, 10, D7, 0B, 00, E8, 13, 89, FA, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8486

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
408 KB (417,792 bytes)

The file cnet2_pazera_free_video_to_ipod_converter_zip.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to phx1-rb-api-wax-web-lb.cnet.com  (64.30.224.89:80)

TCP (HTTP):
Connects to ec2-52-10-189-255.us-west-2.compute.amazonaws.com  (52.10.189.255:80)

TCP (HTTP):