diglobrowser.exe

Rollnon

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application diglobrowser.exe by Rollnon has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. During installation, it also installs potentially unwanted software on the user's computer without adequate consent. The file has been seen being downloaded from s.allfreesoft.net.
Publisher:
Rollnon  (signed and verified)

Version:
1.0.0.6

MD5:
679885129b6631648525f357134beaa6

SHA-1:
ab52d8b415cbb9c01904b52c4f4cc7bfa6baf4d8

SHA-256:
5487f83f511943edc7ee69715ffef467342c32a1e682d063118c3c712d38f574

Scanner detections:
6 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 12:12:34 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.InstallMonster | 2014.11.19 |
| AVG | Rollnon | 2015.0.3286 |
| ESET NOD32 | Win32/Verti.H potentially unwanted application | 7.0.302.0 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.11.19.05 |
| Reason Heuristics | PUP.Rollnon.M | 14.11.19.4 |
| VIPRE Antivirus | Threat.4790114 | 34232 |

File size:
222.7 KB (228,032 bytes)

Product version:
1.0.0.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\diglobrowser.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/26/2014 6:00:00 PM

Valid to:
5/27/2015 5:59:59 PM

Subject:
CN=Rollnon, O=Rollnon, STREET=3600 136th Pl SE, L=Bellevue, S=WA, PostalCode=98006, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8BE128901FD5CAC240ACBD1CC43ABC

File PE Metadata
Compilation timestamp:
8/8/2014 11:25:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:hvwtwIeddRh8q7oopKLG5ojhDEsA9PaoO9oSzV:hXRddRnNpKLG5ojhDEn9PnCoS5

Entry address:
0x14D970

Entry point:
60, BE, 00, B0, 51, 00, 8D, BE, 00, 60, EE, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 21, B2, 14, 00, 57, 83, C3, 04, 53, 68, 6E, 29, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.9684  (probably packed)

Code size:
208 KB (212,992 bytes)

The file diglobrowser.exe has been seen being distributed by the following URL.