facebookzoomsetup_988465873_400612_3033.exe

Amazecell LTD.

This component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application facebookzoomsetup_988465873_400612_3033.exe by Amazecell has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Amazecell LTD.  (signed and verified)

MD5:
568437cdab174a77fa3ed3e7cd221126

SHA-1:
9435a3288b82f0abca0e010a04f2a5cd101a9656

SHA-256:
5e4f88b5397ee437df6f085c15631ff74ee144d870744a354c299f586366e64c

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
11/24/2024 8:58:04 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.91.16 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-141215 |
| AVG | RelevantKnowledge | 2015.0.3259 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.1745 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 16609 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.0349 |
| Emsisoft Anti-Malware | Adware.Relevant.BH | 8.14.12.15.08 |
| ESET NOD32 | Win32/Adware.RK.AQ | 8.8581 |
| Fortinet FortiGate | Riskware/Agent | 12/15/2014 |
| F-Secure | Adware.Relevant.BH | 11.2014-15-12_2 |
| G Data | Adware.Relevant.BH | 14.12.22 |
| IKARUS anti.virus | not-a-virus:WebToolbar.Win32.Agent | t3scan.2.0.3.0 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Agent | 14.0.0.2791 |
| Malwarebytes | PUP.Adware.RelevantKnowledge | v2014.12.15.08 |
| McAfee | Artemis!568437CDAB17 | 5600.6915 |
| MicroWorld eScan | Adware.Relevant.BH | 15.0.0.1047 |
| NANO AntiVirus | Riskware.Win32.InstallToolbar.bxkoru | 0.24.0.53571 |
| Reason Heuristics | PUP.Installer.Amazecell.h | 14.12.15.20 |
| Trend Micro House Call | TROJ_GEN.F47V0715 | 7.2.349 |
| VIPRE Antivirus | Wajam | 19676 |

File size:
658.8 KB (674,640 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\facebookzoomsetup_988465873_400612_3033.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/29/2012 8:00:00 PM

Valid to:
10/30/2013 7:59:59 PM

Subject:
CN=Amazecell LTD., O=Amazecell LTD., L=Hertzlia, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
365C7458F9CB8CF4C99A5AB69879EFCC

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iIS5HnWE+inkpa2f0eFrggMlwcdr0zA3yKRdrvaG:XS5nWal2NObdz3THrv

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9671

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file facebookzoomsetup_988465873_400612_3033.exe has been seen being distributed by the following URL.
