» delta_523.exe
Overview
Analysis
File Details
Downloads (3)

delta_523.exe

Delta

The application delta_523.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from d22z5jqfvuej9a.cloudfront.net and multiple other hosts.

File name:

delta_523.exe

Publisher:

Delta

Product:

Delta

Description:

Delta-search

Version:

3.0

MD5:

2868cd5440fadc6abc6a1dcb5bcdb0e2

SHA-1:

ac38ead81501cca86e8d13c2592190c0e1948416

SHA-256:

b57596e0e4cbe7e5287ddba1f8abea115053635266663cae68b1f29580ea3c7a

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

11/5/2024 3:20:22 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Dropper.W32.Agent

2.1.4+

Agnitum Outpost

PUA.Toolbar.Babylon

7.1.1

AVG

Toolbar.Babylon

2015.0.3448

Baidu Antivirus

Adware.Win32.Bbylon

4.0.3.1469

Dr.Web

Adware.Downware.934

9.0.1.0160

ESET NOD32

Win32/OutBrowse

8.9857

Fortinet FortiGate

Riskware/DomaIQ

6/9/2014

K7 AntiVirus

Trojan

13.178.12212

Malwarebytes

PUP.Optional.DeltaSearch.A

v2014.06.09.05

McAfee

RDN/Generic.dx!czh

5600.7104

NANO AntiVirus

Riskware.Nsis.Babylon.cwhyhv

0.28.0.59921

Trend Micro House Call

ADW_ADLOAD

7.2.160

Trend Micro

ADW_ADLOAD

10.465.09

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.0

VIPRE Antivirus

Trojan.Win32.Generic

29676

File size:

806.8 KB (826,163 bytes)

Trademarks:

Delta-search

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\delta_523.exe

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:dsRmIbipgCRGHRD2G1fthnDPml81eICS+kaq:SPbRCRgD2CNjdwIT7aq

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file delta_523.exe has been seen being distributed by the following 3 URLs.

http://d22z5jqfvuej9a.cloudfront.net/bundles/.../Delta_523.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../Delta_523.exe

http://d1uc4fr8hoy8ts.cloudfront.net/bundles/.../Delta_523.exe

Remove delta_523.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.