diglobrowser.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application diglobrowser.exe by Rollnon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from s.allfreesoft.net.
Publisher:
Rollnon  (signed and verified)

Version:
1.0.0.7

MD5:
89d689590ad2910acf7602bf618eb09d

SHA-1:
336fd7bc0503a6df1cee1de41bd3a19bb6cdb8a5

SHA-256:
c7dbdaf6fb4600503998b899ef3fb5b7a19482b772b6a196027bc88f00c31d6f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/24/2024 12:11:15 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Verti (M)
16.10.16.11

File size:
230.7 KB (236,224 bytes)

Product version:
1.0.0.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\diglobrowser.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/26/2014 5:00:00 PM

Valid to:
5/27/2015 4:59:59 PM

Subject:
CN=Rollnon, O=Rollnon, STREET=3600 136th Pl SE, L=Bellevue, S=WA, PostalCode=98006, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8BE128901FD5CAC240ACBD1CC43ABC

File PE Metadata
Compilation timestamp:
8/28/2014 9:46:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Jy4QDUQo/7Ul5n4hL4NMgqtA2UFCNsR4kegavjmjoS:JZQo44lr2J/egIjGoS

Entry address:
0x166BE0

Entry point:
60, BE, 00, 20, 53, 00, 8D, BE, 00, F0, EC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, AB, 46, 16, 00, 57, 83, C3, 04, 53, 68, D9, 4B, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9669  (probably packed)

Code size:
216 KB (221,184 bytes)

The file diglobrowser.exe has been seen being distributed by the following URL.

http://s.allfreesoft.net/stub/VSAFE/.../DigloBrowser.exe

Remove diglobrowser.exe - Powered by Reason Core Security