cnet_capturino2e_exe.exe

CNET Download.com Installer

CBS Interactive, Inc.

The application cnet_capturino2e_exe.exe by CBS Interactive has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
CBS Interactive  (signed by CBS Interactive, Inc.)

Product:
CNET Download.com Installer

Version:
1.2.3.0

MD5:
5b9225111b44d6f42979fd70eb5782db

SHA-1:
0e1c949413be8572dca70ded04c88f133f3e4fed

SHA-256:
4ea9570c25918c12bfb32838ca0933a1838e2e47ebed6f464151a8774cd69ebf

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/2/2024 11:19:58 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Adtool.InstallCore.Gen.2 | 7.1.1
Avira AntiVirus | TR/Crypt.ZPACK.Gen | 7.11.30.172
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Adware.Downloader-207 | 0.98/20576
Dr.Web | Adware.InstallCore.2 | 9.0.1.05190
ESET NOD32 | Win32/InstallCore.D potentially unwanted application | 7.0.302.0
F-Prot | W32/InstallCore.I.gen | v6.4.7.1.166
G Data | Win32.Application.Dealply | 15.6.25
Reason Heuristics | Bundler.PPI.Installer.CBS | 15.6.17.10
SUPERAntiSpyware | PUP.CNETInstaller | 9808
Vba32 AntiVirus | SScope.Malware-Cryptor.InstallCore.530A | 3.12.26.4

File size:
443.5 KB (454,120 bytes)

Product version:
1.2.3.0

Copyright:
CBS Interactive

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cnet_capturino2e_exe.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/8/2011 8:00:00 PM

Valid to:
7/12/2013 8:00:00 AM

Subject:
CN="CBS Interactive, Inc.", O="CBS Interactive, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0203D2F5E7ABE93E2FC72BD3381C32C0

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:EA+SBz0oAt5c/572jwhhwVgS0YYljRKSVAQSeTrJQOcsPWWqXMsZ1RdHnW++PgqS:LBzKc/5721VghlVP1TlQEW5XvzjJqed

Entry address:
0xFE560

Entry point:
60, BE, 00, 00, 4A, 00, 8D, BE, 00, 10, F6, FF, C7, 87, 10, B7, 0B, 00, 7E, 0B, 1C, 4D, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
380 KB (389,120 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to phx1-rb-api-wax-web-lb.cnet.com  (64.30.224.89:80)

TCP (HTTP):
Connects to ec2-52-10-224-155.us-west-2.compute.amazonaws.com  (52.10.224.155:80)

TCP (HTTP):

TCP (HTTP):
Connects to a173-223-204-120.deploy.static.akamaitechnologies.com  (173.223.204.120:80)
