f_0001bf

Setup

DAily apps forfor

The file f_0001bf by DAily apps forfor has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
DAily apps forfor  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
8449a3bebaa96257dcfc13e2131daa7a

SHA-1:
fa265406360842a264dfef1d35f782de7838ed16

SHA-256:
86f240a074504b2b3498a72de44406d17f0d0ea2126ff1deec5072f7a2b7df99

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 5:48:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse (M)

Engine version:
16.12.6.14

File size:
1.1 MB (1,146,616 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar04-061615-7e57f812-5d0f-42ef-83c1-4fef12714655.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_0001bf

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/1/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=DAily apps forfor, O=DAily apps forfor, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
696359E1D6451860CD702AC67FDD3C57

File PE Metadata
Compilation timestamp:
3/4/2015 1:16:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:KbSaE4mvt/TIx5iKoQkaw47vZ3k4EOn2au/mrENrZdIW86ORlF:KbSv4mvJC5ieD7K4nhgrQ66F

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5747

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)
