distro-meta-installer.exe

distro-meta-installer

Browser Distribution Services, Inc.

The application distro-meta-installer.exe by Browser Distribution Services has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from secure.cacheanglegoeast.com and multiple other hosts. While running, it connects to the Internet address server-52-84-25-125.sea32.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Browser Distribution Services, Inc.  (signed and verified)

Product:
distro-meta-installer

Version:
1.0.8

MD5:
9fa2740f52e87d0c8ccfca7d5997254d

SHA-1:
a707761067e38face204049caef58bfcebc1f8b3

SHA-256:
71224813b3e9d45008a3c05d3d1885851fa36b79a62068ef0094072446a7e2c0

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 10:38:28 AM UTC

Scan engine         Detection                                     Engine version
Dr.Web              Adware.Downware.1243                          9.0.1.0358
Reason Heuristics   PUP.Installer.BrowserDistributionServices.V   14.8.7.21

File size:
103.8 KB (106,264 bytes)

Product version:
1.0.8

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\10827165_stp\distro-meta-installer.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/1/2013 2:00:00 AM

Valid to:
2/2/2015 1:59:59 AM

Subject:
CN="Browser Distribution Services, Inc.", O="Browser Distribution Services, Inc.", STREET="2711 Centerville Road, Suite 400", L=Wilmington, S=DE, PostalCode=19808, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B259692789E76789FF829879954D882

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:GQpQ5EP0ijnRTXJzCr49pf9kpJU4XQFBMkh+uhD06XR+QhJg1kZJ4gH1lWmvGhkk:GQIURTXJzCrYf9kLM7tnLh+RkZJ4aQ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.6633

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file distro-meta-installer.exe has been seen being distributed by the following 8 URLs.

http://secure.cacheanglegoeast.com/.../distro-meta-installer.exe

http://fastcdngoeast.com/.../distro-meta-installer.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-240-190-153.jfk6.r.cloudfront.net  (54.240.190.153:80)

TCP (HTTP):
Connects to server-54-230-200-146.fra50.r.cloudfront.net  (54.230.200.146:80)

TCP (HTTP):
Connects to server-54-230-197-35.lhr50.r.cloudfront.net  (54.230.197.35:80)

TCP (HTTP):
Connects to server-52-84-25-125.sea32.r.cloudfront.net  (52.84.25.125:80)

TCP (HTTP):
Connects to server-52-84-230-15.sfo9.r.cloudfront.net  (52.84.230.15:80)

Remove distro-meta-installer.exe - Powered by Reason Core Security