comscore_010414070912.exe

The application comscore_010414070912.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Version:
1.10104.11407.10912

MD5:
785390fd96e19870520df038aa8a61a9

SHA-1:
e70537b621a9ef5d16cff66d0e6539814c5724ed

SHA-256:
b1bb774aa3509fe13123b92fa5e5e4124674cae61f84944288a00a4931d65b36

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:09:24 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Relevant.BH
969

Agnitum Outpost
Adware.MarketScore
7.1.1

Avira AntiVirus
ADSPY/NaviPromo.J
7.11.154.26

avast!
Win32:PUP-gen [PUP]
2014.9-140611

AVG
RelevantKnowledge
2015.0.3447

Baidu Antivirus
Adware.Win32.RK
4.0.3.14611

Bitdefender
Adware.Relevant.BH
1.0.20.810

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~E
18496

Dr.Web
Adware.Relevant.81
9.0.1.0162

Emsisoft Anti-Malware
Adware.Relevant.BH
8.14.06.11.05

ESET NOD32
Win32/Adware.RK.AQ
8.9921

Fortinet FortiGate
Riskware/RK
6/11/2014

F-Secure
Adware.Relevant.BH
11.2014-11-06_4

G Data
Adware.Relevant.BH
14.6.24

K7 AntiVirus
Adware
13.1712348

Kaspersky
not-a-virus:HEUR:Monitor.Win32.RK
14.0.0.3729

Malwarebytes
PUP.Optional.RelevantKnowledge
v2014.06.11.05

McAfee
RDN/Generic PUP.x!btb
5600.7103

MicroWorld eScan
Adware.Relevant.BH
15.0.0.486

NANO AntiVirus
Trojan.Win32.Relevant.cbpeni
0.28.0.60253

nProtect
Adware.Relevant.BH
14.06.09.01

Sophos
RelevantKnowledge
4.98

Trend Micro House Call
TROJ_GEN.F0C2C00BB14
7.2.162

Trend Micro
TROJ_GEN.F0C2C00BB14
10.465.11

VIPRE Antivirus
Adware.Relevant
30146

File size:
837.3 KB (857,385 bytes)

Product version:
1.10104.11407.10912

Copyright:
(C) 010414070912

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ZM5i1d0eFrggMlwcdr0zANZF+ZPPfnEUndrQhC4r0A4VcdzxkFN/aVdafO0Md2eq:ZMsNObdzclvNQAKf4VQkF5aVgm/d2fz

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file comscore_010414070912.exe has been seen being distributed by the following 2 URLs.

Remove comscore_010414070912.exe - Powered by Reason Core Security