corao de me aline barros lanamento 2014.exe

GO SAFER LLC

The application corao de me aline barros lanamento 2014.exe (“Download da Internet”) by GO SAFER has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from fileflow.co.
Publisher:
yTVnQOo5hT6GbOusu  (signed by GO SAFER LLC)

Description:
Download da Internet

Version:
8.3.4.6

MD5:
a81637118018ac65aa0118d9974863ff

SHA-1:
b6a082f1afb3124cd441e0c78ff045dd82f15caa

SHA-256:
668af3c6b0f357f4bbba0e1622a1051f8c2fce58ca6a1a7fc8c7816ed5a01c90

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 1:01:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BR Software (M)

Engine version:
16.8.26.23

File size:
73.9 KB (75,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\corao de me aline barros lanamento 2014.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
11/23/2014 5:41:08 AM

Valid to:
11/23/2015 5:41:08 AM

Subject:
E=gosaferllc@gmail.com, CN="Open Source Developer, Go Safer LLC", O=GO SAFER LLC, C=US

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
56E606AD3EF1F4818B40EA7267671740

File PE Metadata
Compilation timestamp:
12/5/2009 7:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:AoLDYsacy7mHMowHjXJF5BviSlqSyPhPmpJwPKbiGcso/:AoPyys5jXJF5BaJzPqeyWP

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file corao de me aline barros lanamento 2014.exe has been seen distributed from the following URL:

http://fileflow.co/ids/.../Coração de Mãe – Aline Barros – Lançamento 2014.exe
