home

combroadcaster-recover.exe

comoBoss

aze

The application combroadcaster-recover.exe, “comoBoss Setup ” has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dl.taketheseapps.com.
Publisher:
aze

Product:
comoBoss

Description:
comoBoss Setup

MD5:
13ad81b725a4137e4ed12e7ed1125fda

SHA-1:
0dbd5d877d40c9f5a79f31552e51acdf03d4026a

SHA-256:
f6c6df0516ad98b99183ff3885196662843e959bfe7755e46bda1e9967f1bd90

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:50:31 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/AdWare.EoRezo.AU application
7.0.302.0

Reason Heuristics
PUP.Eorezo.Bundler (M)
16.7.1.11

File size:
1.6 MB (1,641,464 bytes)

Product version:
1.3

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\combroadcaster-recover.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:CQizq48xrEruK+WGeFuB9R7W1waOnXEVqfVbcQOL5SzYn0jZIHM+U6psItq:C9mhlWGeQP9Za/q9bZO9SEn0jGptpsqq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file combroadcaster-recover.exe has been seen being distributed by the following URL.

http://dl.taketheseapps.com/download/.../combroadcaster-recover.exe

Remove combroadcaster-recover.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.