home

cnet_poiloaderforwindows_270_exe.exe

CNET Download.com Installer

CBS Interactive, Inc.

The application cnet_poiloaderforwindows_270_exe.exe by CBS Interactive has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
CBS Interactive  (signed by CBS Interactive, Inc.)

Product:
CNET Download.com Installer

Version:
1.2.3.0

MD5:
e1543633470cab71f524e8b66d84ec4a

SHA-1:
5ff6e88c1286eefc54bf2798ee1cfed037c96d22

SHA-256:
3bd225ba5633d7dc923e6016999340873b4ba657bc3c1e285130228bb1cbd662

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/2/2024 11:28:43 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adtool.InstallCore.Gen.2
7.1.1

Avira AntiVirus
PUA/InstallCore.Gen
8.3.1.6

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Adware.Downloader-207
0.98/20578

Dr.Web
Adware.InstallCore.2
9.0.1.05190

ESET NOD32
Win32/InstallCore.D potentially unwanted application
7.0.302.0

F-Prot
W32/InstallCore.I.gen
v6.4.7.1.166

G Data
Win32.Application.Dealply
15.6.25

Reason Heuristics
Bundler.PPI.Installer.CBS
15.6.18.6

SUPERAntiSpyware
PUP.CNETInstaller
9806

Vba32 AntiVirus
SScope.Malware-Cryptor.InstallCore.530A
3.12.26.4

File size:
443.5 KB (454,120 bytes)

Product version:
1.2.3.0

Copyright:
CBS Interactive

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cnet_poiloaderforwindows_270_exe.exe

Digital Signature
Signed by:
CBS Interactive, Inc.

Authority:
DigiCert Inc

Valid from:
7/9/2011 2:00:00 AM

Valid to:
7/12/2013 2:00:00 PM

Subject:
CN="CBS Interactive, Inc.", O="CBS Interactive, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0203D2F5E7ABE93E2FC72BD3381C32C0

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:sA+SBz0oAt5c/572jwhhwVgS0YYljRKSVAQSeTrJQOcsPWWqXMsZ1RdHnW++PgqS:jBzKc/5721VghlVP1TlQEW5XvzjJqed

Entry address:
0xFE560

Entry point:
60, BE, 00, 00, 4A, 00, 8D, BE, 00, 10, F6, FF, C7, 87, 10, B7, 0B, 00, 7E, 0B, 1C, 4D, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
380 KB (389,120 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to phx1-rb-api-wax-web-lb.cnet.com  (64.30.224.89:80)

TCP (HTTP):
Connects to ec2-52-10-189-255.us-west-2.compute.amazonaws.com  (52.10.189.255:80)

TCP (HTTP):
Connects to a23-3-13-99.deploy.static.akamaitechnologies.com  (23.3.13.99:80)

TCP (HTTP):
Connects to a23-0-160-41.deploy.static.akamaitechnologies.com  (23.0.160.41:80)

Remove cnet_poiloaderforwindows_270_exe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.