der_gestiefelte_kater.exe

Puvanat Pumimart

The application der_gestiefelte_kater.exe by Puvanat Pumimart has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.downloadallhere.com.
Publisher:
Puvanat Pumimart  (signed and verified)

MD5:
203879b74220bd26dcad112bc9ea1790

SHA-1:
e8f6ccefaef216eec985a5508ad9ecbc025201f4

SHA-256:
466ce6af2b730c90dcf03d0bbc20209534f5913006e1677dd53fd3575ea913e0

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
12/28/2024 1:50:36 PM UTC

Scan engine           Detection                       Engine version
Lavasoft Ad-Aware     Application.Bundler.LT          359
Agnitum Outpost       Riskware.ShimChanger            7.1.1
Avira AntiVirus       PUA/Vittalia.Gen                8.3.1.6
avast!                Win32:Adware-gen [Adw]          2014.9-160211
AVG                   MultiBundle                     2017.0.2837
Bitdefender           Application.Bundler.LT          1.0.20.210
Comodo Security       UnclassifiedMalware             22130
ESET NOD32            NSIS/TrojanDropper.Agent.CB     10.11634
F-Secure              Application.Bundler.MC          11.2016-11-02_5
G Data                Application.Bundler.LT          16.2.25
K7 AntiVirus          Riskware                        13.203.15929
McAfee                Artemis!203879B74220            5600.6493
MicroWorld eScan      Application.Bundler.LT          17.0.0.126
NANO AntiVirus        Trojan.Win32.MLW.dnprfx         0.30.24.1357
Qihoo 360 Security    HEUR/QVM42.0.Malware.Gen        1.0.0.1015
VIPRE Antivirus       Trojan.Win32.Generic            40264

File size:
483.7 KB (495,296 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\der_gestiefelte_kater.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/21/2014 1:00:00 AM

Valid to:
11/22/2015 12:59:59 AM

Subject:
CN=Puvanat Pumimart, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3F08EC0AB46FDB9CD34E232B5C637F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:swCsKflB7HAlvBrkLmWuO6en8ylM7tyxdWshgW:snl7ovB30nWpymsx

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file der_gestiefelte_kater.exe has been seen being distributed by the following URL.