easy-dealsb.exe

Cbnmoukdwtijjc

Nsmlm

The application easy-dealsb.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup program used to install the application, and it is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from cdn77.airdwnlds.com, a known adware distribution point operated by Air Software, and from multiple other hosts.
Publisher:
Nsmlm

Product:
Cbnmoukdwtijjc

Description:
Ofbgmhf

Version:
1.1.1.1

MD5:
5244b0526d15b60cffe2c88dd1362288

SHA-1:
6b99c8703c6c6745f34902da22157c3e5b8f3cfd

SHA-256:
12ed4b802ba335bb9263558b3d460e8f6ac4de321c43d385efc665e699b94ab1

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/5/2024 8:26:13 AM UTC

Scan engine               Detection                 Engine version
Dr.Web                    Trojan.Crossrider.10      9.0.1.0357
Malwarebytes              PUP.Optional.AdLyrics     v2013.12.23.05
Trend Micro House Call    TROJ_GEN.F47V1031         7.2.357

File size:
5.8 MB (6,040,295 bytes)

Copyright:
Qabtifldtst

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\easy-dealsb.exe

File PE Metadata
Compilation timestamp:
2/19/2012 3:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:Bpqj1y/a5n9FA1+btPMKk2c5EeMmK2PiUO5wmrv8RA4i7sl0jzYLXiII36eHqllt:Bpqb961+bt9J2iwmNQ0jUyII3HHm2zy

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The file easy-dealsb.exe has been seen being distributed by the following 2 URLs.

http://cdn77.airdwnlds.com/downloads/offers/.../easy-dealsB.exe

Remove easy-dealsb.exe - Powered by Reason Core Security