flappy.exe

Rollnon

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flappy.exe by Rollnon has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from s.vsafesw.com.
Publisher:
Rollnon  (signed and verified)

Version:
1.0.0.2

MD5:
142d5d07259cb85c9b8dfb775eebe2a3

SHA-1:
75b0b2d8a1ccee6edacea4434d936dfa0a24cc97

SHA-256:
10f109d00cbe58fa5d325d884b2d2301bdbde19b86a4e66b6252e4d860d142ba

Scanner detections:
11 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 12:24:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Verti (variant) | 8.10084 |
| G Data | Win32.Application.Nextup | 14.7.24 |
| IKARUS anti.virus | PUA.Nextup | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12701 |
| Malwarebytes | PUP.Optional.NextUp | v2014.07.21.02 |
| McAfee | Artemis!C96BD5645D12 | 5600.7062 |
| Reason Heuristics | PUP.Rollnon.G | 14.7.6.13 |
| Sophos | NextUp | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0708 | 7.2.202 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Ignition Installer | 30978 |

File size:
688.5 KB (705,040 bytes)

Product version:
1.0.0.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flappy.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/27/2014 1:00:00 AM

Valid to:
5/28/2015 12:59:59 AM

Subject:
CN=Rollnon, O=Rollnon, STREET=3600 136th Pl SE, L=Bellevue, S=WA, PostalCode=98006, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8BE128901FD5CAC240ACBD1CC43ABC

File PE Metadata
Compilation timestamp:
6/6/2014 7:10:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:TRXmOU+Dwz3q4d6pvICQA52dSp7AzjjyZZc+KsH/C/ZrdxnqxWox:LU+b06pvNQAuuVA+9qddZqxWa

Entry address:
0x22565

Entry point:
E8, A6, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, E8, EC, 47, 00, E8, 65, 2C, 00, 00, 6A, 0E, E8, E6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 54, 7F, 48, 00, BA, 50, 7F, 48, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, AF, B4, FF, FF, 59, FF, 76, 04, E8, A6, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 54, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, B2, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
 

Code size:
398.5 KB (408,064 bytes)

The file flappy.exe has been seen being distributed by the following URL.
