diglobrowser.exe

Rollnon

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application diglobrowser.exe by Rollnon has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Verti Setup installer.
Publisher:
Rollnon  (signed and verified)

Version:
1.0.0.5

MD5:
a111ada1b41725712782b15440eb3cb3

SHA-1:
14ab66de0f8c2ca9364087835c8c7cc6491bd658

SHA-256:
98b345f3c34ec419d9c1303b9a185f50447b31ad0c33346ba082d071711b43dd

Scanner detections:
15 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 8:04:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140818 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.14818 |
| ESET NOD32 | Win32/Verti (variant) | 8.10241 |
| Fortinet FortiGate | Adware/Agent | 8/18/2014 |
| IKARUS anti.virus | PUA.Verti | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3388 |
| McAfee | Artemis!A111ADA1B417 | 5600.7035 |
| Panda Antivirus | Trj/Chgt.C | 14.08.18.11 |
| Qihoo 360 Security | Win32/RootKit.Rootkit.7e5 | 1.0.0.1015 |
| Reason Heuristics | PUP.Rollnon.M | 14.8.18.11 |
| Sophos | Generic PUA BE | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0805 | 7.2.230 |
| VIPRE Antivirus | Ignition Installer | 32144 |

File size:
599.5 KB (613,912 bytes)

Product version:
1.0.0.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\diglobrowser.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/27/2014 8:00:00 AM

Valid to:
5/28/2015 7:59:59 AM

Subject:
CN=Rollnon, O=Rollnon, STREET=3600 136th Pl SE, L=Bellevue, S=WA, PostalCode=98006, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8BE128901FD5CAC240ACBD1CC43ABC

File PE Metadata
Compilation timestamp:
7/19/2014 1:54:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:+vX6+kw1Zvx3OhIYkeRpMDNIMQQi9M6nR0zqXRa7aezjTV:bovx+hMQMhS7nOzqXU7aezjTV

Entry address:
0x22715

Entry point:
E8, A6, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 10, 01, 48, 00, E8, 55, 2C, 00, 00, 6A, 0E, E8, E6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 1C, A0, 48, 00, BA, 18, A0, 48, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, AB, B4, FF, FF, 59, FF, 76, 04, E8, A2, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 44, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, B2, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
 
Entropy:
6.6687

Code size:
401 KB (410,624 bytes)
