dragonballzmugen.exe

REDACCENIR SL

The application dragonballzmugen.exe by REDACCENIR SL has been detected as adware by 6 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dm.portalprogramas.com.
Publisher:
REDACCENIR SL  (signed and verified)

MD5:
a57db41618569e6d9485f64d6a0e69ad

SHA-1:
14e7c5ca52998aaa8d50944493942ea03c639402

SHA-256:
03c12315ed3d7e1f3fa2b70ebb1c7939b6a4f76a71ea1e37ccfeb1a6330adc3b

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/27/2024 8:49:10 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
160518-2

Dr.Web
Adware.InstallCore.20
9.0.1.05190

ESET NOD32
Win32/InstallCore.F potentially unwanted application
8.0.319.0

F-Prot
W32/InstallCore.B.gen
4.6.5.141

Reason Heuristics
PUP.REDACCEN (M)
16.6.19.9

VIPRE Antivirus
Threat.4150696
49720

File size:
602.1 KB (616,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dragonballzmugen.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/23/2011 12:00:00 AM

Valid to:
12/22/2012 11:59:59 PM

Subject:
CN=REDACCENIR SL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=REDACCENIR SL, L=Terrassa, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71215C0E2FF8F33A61438B1BB7D0D7D3

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:iiHS7FPQ0gTNgjoEIYnONlDZW/zM387a3ourmH/c3PFAcJxnCrBY0XmgOkSbAsUy:iJPQzij8WbC8Ob6HE3PvcBYqHBSssJ

Entry address:
0x118D00

Entry point:
60, BE, 00, D0, 48, 00, 8D, BE, 00, 40, F7, FF, C7, 87, 10, 27, 0C, 00, 59, 3A, A4, 2D, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
560 KB (573,440 bytes)

The file dragonballzmugen.exe has been seen being distributed by the following URL.

Remove dragonballzmugen.exe - Powered by Reason Core Security