condefsetup1120v2.exe

Content Defender

LLC

The application condefsetup1120v2.exe, “Content Defender Setup” by LLC has been detected as adware by 16 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program Content Defender by Artex Management S. A. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from getcontentdefender.com.
Publisher:
"Artex Management S. A." (signed by LLC)

Product:
Content Defender

Description:
Content Defender Setup

Version:
1.15.0.1

MD5:
86a082b9e5e8495e890c73f1afb5f4b3

SHA-1:
6234b7a4dbf63f3f63b3a4205dc7d20f838df228

SHA-256:
4cf94969986af9e0749c87500911f57b2e083e6a009919ea1eb07ba9203a563d

Scanner detections:
16 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
12/24/2024 4:36:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| Avira AntiVirus | ADWARE/CouponsAd.240 | 8.3.2.4 |
| AVG | Generic | 2016.0.2919 |
| Dr.Web | Trojan.Zadved.251 | 9.0.1.0325 |
| ESET NOD32 | Win32/RiskWare.NetFilter (variant) | 9.12600 |
| IKARUS anti.virus | PUA.Trioris | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.212.17924 |
| Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 14.0.0.1088 |
| Malwarebytes | PUP.Optional.ContentDefender | v2015.11.21.09 |
| NANO AntiVirus | Riskware.Win32.Plugin.dxnjbt | 0.30.26.4751 |
| Panda Antivirus | Trj/Genetic.gen | 15.11.21.09 |
| Qihoo 360 Security | HEUR/QVM41.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.Amonitize.ArtexManagementSA.Installer (M) | 15.11.21.9 |
| Rising Antivirus | PE:Packer.Win32.Crypt.ek!1615884 [F] | 23.00.65.151119 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | NetFilter | 45324 |

File size:
5.4 MB (5,618,224 bytes)

Product version:
1.15.0.1

Copyright:
Copyright (C) 2015

Original file name:
ConDefSe.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\condefsetup1120v2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/10/2015 5:00:00 AM

Valid to:
11/10/2016 4:59:59 AM

Subject:
CN="LLC ""IT-PROF""", OU=IT, O="LLC ""IT-PROF""", STREET="prosp. Heroyiv Stalinhrada, 48", L=Kiev, S=Kiev, PostalCode=04213, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7B1E28BB38088B1862D9E29DE894FEEB

File PE Metadata
Compilation timestamp:
11/20/2015 10:13:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:lZzotlaI7a/IOamC34gtQazU4R26GcS2D/0DsZ:bOaQkj7C34gp9kLw/Z

Entry address:
0xBC14

Entry point:
E8, 3D, 42, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 08, C2, 41, 00, 8D, 7D, E0, F3, A5, 8B, 75, 0C, 8B, 7D, 08, 85, F6, 74, 13, F6, 06, 10, 74, 0E, 8B, 0F, 83, E9, 04, 51, 8B, 01, 8B, 70, 18, FF, 50, 20, 89, 7D, F8, 89, 75, FC, 85, F6, 74, 0C, F6, 06, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, AC, B1, 41, 00, 5F, 5E, 8B, E5, 5D, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24...
 

Code size:
100.5 KB (102,912 bytes)

The file condefsetup1120v2.exe has been discovered within the following program.

Content Defender  by Artex Management S. A.
About 1% of users remove it
 

The file condefsetup1120v2.exe has been seen being distributed by the following URL.
