facereadersetup_981495093_400612_2858.exe

Amazecell LTD.

This component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application facereadersetup_981495093_400612_2858.exe by Amazecell has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Amazecell LTD.  (signed and verified)

MD5:
0bbd7b0143f779c41507941da1b6e332

SHA-1:
94d01c30f5f8f491d5d515e59611b95210222a01

SHA-256:
aef189b36a0276492adce485f5c35572e1b1a1710fafbd3f5d976347b53fe262

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
11/5/2024 2:23:52 PM UTC  (today)

Scan engine              Detection                          Engine version
Agnitum Outpost          Adware.MarketScore                 7.1.1
Avira AntiVirus          ADSPY/NaviPromo.J                  7.11.106.64
avast!                   Win32:PUP-gen [PUP]                2014.9-140412
AVG                      RelevantKnowledge                  2015.0.3506
Baidu Antivirus          Trojan.Win32.Adware.MarketScore    4.0.3.14412
Bitdefender              Adware.Relevant.BH                 1.0.20.510
Comodo Security          ApplicUnwnt.Win32.AdWare.RK.~E     17071
Dr.Web                   Adware.Relevant.81                 9.0.1.0102
Emsisoft Anti-Malware    Adware.Relevant.BH                 8.14.04.12.04
ESET NOD32               Win32/Adware.MarketScore           8.8888
F-Secure                 Adware.Relevant.BH                 11.2014-12-04_7
G Data                   Adware.Relevant.BH                 14.4.22
Malwarebytes             PUP.Adware.RelevantKnowledge       v2014.04.12.04
MicroWorld eScan         Adware.Relevant.BH                 15.0.0.306
NANO AntiVirus           Trojan.Win32.Relevant.cbpeni       0.26.0.55366
Reason Heuristics        PUP.Installer.Amazecell.f          14.12.11.23
Sophos                   RelevantKnowledge                  4.93
Trend Micro House Call   TROJ_GEN.RCBB1CN                   7.2.102
VIPRE Antivirus          Wajam                              22190

File size:
843.6 KB (863,880 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\facereadersetup_981495093_400612_2858.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/29/2012 8:00:00 PM

Valid to:
10/30/2013 7:59:59 PM

Subject:
CN=Amazecell LTD., O=Amazecell LTD., L=Hertzlia, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
365C7458F9CB8CF4C99A5AB69879EFCC

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Md8gTtdvT5dayO0E6F9MClnn7p5bloQC0eFrggMlwcdr0zAhRw6JviWd:Md8gJdvT5gzgblxnvnQNObdzpvNd

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9767

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
