diglobrowser.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application diglobrowser.exe by Rollnon has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Verti Setup installer.
Publisher:
Rollnon  (signed and verified)

Version:
1.0.0.5

MD5:
a111ada1b41725712782b15440eb3cb3

SHA-1:
14ab66de0f8c2ca9364087835c8c7cc6491bd658

SHA-256:
98b345f3c34ec419d9c1303b9a185f50447b31ad0c33346ba082d071711b43dd

Scanner detections:
15 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 11:34:05 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Rootkit-gen [Rtk]
2014.9-140818

Baidu Antivirus
Adware.Win32.Agent
4.0.3.14818

ESET NOD32
Win32/Verti (variant)
8.10241

Fortinet FortiGate
Adware/Agent
8/18/2014

IKARUS anti.virus
PUA.Verti
t3scan.1.6.1.0

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.3388

McAfee
Artemis!A111ADA1B417
5600.7035

Panda Antivirus
Trj/Chgt.C
14.08.18.11

Qihoo 360 Security
Win32/RootKit.Rootkit.7e5
1.0.0.1015

Reason Heuristics
PUP.Rollnon.M
14.8.18.11

Sophos
Generic PUA BE
4.98

Trend Micro House Call
Suspicious_GEN.F47V0805
7.2.230

VIPRE Antivirus
Ignition Installer
32144

File size:
599.5 KB (613,912 bytes)

Product version:
1.0.0.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\diglobrowser.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/27/2014 8:00:00 AM

Valid to:
5/28/2015 7:59:59 AM

Subject:
CN=Rollnon, O=Rollnon, STREET=3600 136th Pl SE, L=Bellevue, S=WA, PostalCode=98006, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8BE128901FD5CAC240ACBD1CC43ABC

File PE Metadata
Compilation timestamp:
7/19/2014 1:54:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:+vX6+kw1Zvx3OhIYkeRpMDNIMQQi9M6nR0zqXRa7aezjTV:bovx+hMQMhS7nOzqXU7aezjTV

Entry address:
0x22715

Entry point:
E8, A6, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 10, 01, 48, 00, E8, 55, 2C, 00, 00, 6A, 0E, E8, E6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 1C, A0, 48, 00, BA, 18, A0, 48, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, AB, B4, FF, FF, 59, FF, 76, 04, E8, A2, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 44, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, B2, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
 
[+]

Entropy:
6.6687

Code size:
401 KB (410,624 bytes)

Remove diglobrowser.exe - Powered by Reason Core Security