download cd cassiane a cura.exe

TECNOLAB LLC

The application download cd cassiane a cura.exe by TECNOLAB has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.files2me.ninja.
Publisher:
TECNOLAB LLC  (signed and verified)

MD5:
73ae9e22a7d1d489a8d6a9be01423286

SHA-1:
81264009c04ea8d790e51fe6ee61345176f36f0c

SHA-256:
d909f90515501c07908d7f828865768dc0264763097a81d72df12e06c32fe7e9

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:56:11 PM UTC  (today)

Scan engine | Detection | Engine version
AVG | Downloader.NSIS | 2015.0.4477
Clam AntiVirus | Win.Adware.Agent-59029 | 0.98/21330
Dr.Web | Adware.Downware.11846 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.Adload | 10.0.0.5366
ESET NOD32 | NSIS/TrojanDownloader.Adload.AU trojan | 7.0.302.0
Microsoft Security Essentials | Threat.Undefined | 1.213.5033.0
Norman | Adware.Adload.G | 03.12.2014 13:20:04
VIPRE Antivirus | Threat.4785227 | 46444

File size:
75.1 KB (76,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\download cd cassiane a cura.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/17/2015 9:00:00 PM

Valid to:
5/15/2016 8:59:59 PM

Subject:
CN=TECNOLAB LLC, O=TECNOLAB LLC, POBox=19958, STREET=16192 Coastal Highway, L=Lewes, S=Delaware, PostalCode=19958, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AE32152028400A6F6F196B7657B4EE83

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:doLDYsacy7mHMowHjXJw52uAph7iitGD5tw4+GgmicY4:doPyys5jXJw521boDrYr4

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file download cd cassiane a cura.exe has been seen being distributed by the following URL.
