delta_523.exe

Delta

The application delta_523.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from d22z5jqfvuej9a.cloudfront.net and multiple other hosts.
Publisher:
Delta

Product:
Delta

Description:
Delta-search

Version:
3.0

MD5:
2868cd5440fadc6abc6a1dcb5bcdb0e2

SHA-1:
ac38ead81501cca86e8d13c2592190c0e1948416

SHA-256:
b57596e0e4cbe7e5287ddba1f8abea115053635266663cae68b1f29580ea3c7a

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 6:36:52 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.Dropper.W32.Agent | 2.1.4+ |
| Agnitum Outpost | PUA.Toolbar.Babylon | 7.1.1 |
| AVG | Toolbar.Babylon | 2015.0.3448 |
| Baidu Antivirus | Adware.Win32.Bbylon | 4.0.3.1469 |
| Dr.Web | Adware.Downware.934 | 9.0.1.0160 |
| ESET NOD32 | Win32/OutBrowse | 8.9857 |
| Fortinet FortiGate | Riskware/DomaIQ | 6/9/2014 |
| K7 AntiVirus | Trojan | 13.178.12212 |
| Malwarebytes | PUP.Optional.DeltaSearch.A | v2014.06.09.05 |
| McAfee | RDN/Generic.dx!czh | 5600.7104 |
| NANO AntiVirus | Riskware.Nsis.Babylon.cwhyhv | 0.28.0.59921 |
| Trend Micro House Call | ADW_ADLOAD | 7.2.160 |
| Trend Micro | ADW_ADLOAD | 10.465.09 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29676 |

File size:
806.8 KB (826,163 bytes)

Copyright:
© Delta-search

Trademarks:
Delta-search

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\delta_523.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:dsRmIbipgCRGHRD2G1fthnDPml81eICS+kaq:SPbRCRgD2CNjdwIT7aq

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file delta_523.exe has been seen being distributed by the following 3 URLs.
