home

desktoptwitter.cpl

I.T.N.T. SRL

This the Soft32 ad-supported download manager that bundles additional PUP offers. "During the download process we may show commercial offers, such as a toolbar or other browser add-ons. The download manager is in no way affiliated or endorsed by the author of this product." The file desktoptwitter.cpl by I.T.N.T. SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Soft32 Download Manager installer.
Publisher:
I.T.N.T. SRL  (signed and verified)

MD5:
53caab4b382d068fd8edf1f6cf9a901f

SHA-1:
08f4e576b8fb978bc2303b0d53587b0c824614b5

SHA-256:
2737a0de375dfae99ef79b36a1ca15e4aa9ba4c9600641d737d656598da8e732

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The setup file is part of the Soft32.com download and install manager. It is an ad-supported installer and attempts to get the user to install various adware toolbars, browser add-ons, game applications or other potentially unwanted programs. If a sponsored software offer such as a toolbar is installed it might change the User’s home page, default search settings and 404 traffic. Note, the software installed by Soft32 is probably safe, just the installer is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/23/2024 6:54:29 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Downloader.Bundler.Soft32 (M)
17.3.15.12

File size:
1.2 MB (1,218,440 bytes)

Bundler/Installer:
Soft32 Download Manager

Common path:
C:\users\{user}\desktoptwitter.cpl

Digital Signature
Signed by:
I.T.N.T. SRL

Authority:
GlobalSign nv-sa

Valid from:
12/23/2014 8:08:09 AM

Valid to:
12/24/2015 8:08:09 AM

Subject:
CN=I.T.N.T. SRL, O=I.T.N.T. SRL, L=Sibiu, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D107F46FFA19B1673EAAC3E336953F92

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x150CB0

Entry point:
80, 7C, 24, 08, 01, 0F, 85, E2, 01, 00, 00, 60, BE, 00, 90, 42, 00, 8D, BE, 00, 80, FD, FF, 57, 83, CD, FF, EB, 0D, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.7007

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22, 0x

Code size:
1.2 MB (1,212,416 bytes)

Remove desktoptwitter.cpl - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.