flv2pcinstaller.exe

Nextup

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application flv2pcinstaller.exe by Nextup has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from i.greatappsfree.com.
Publisher:
Nextup  (signed and verified)

Version:
1.0.0.5

MD5:
aa3d2b501fae67b3e42a64924f3778ac

SHA-1:
74db7b292703489b89b336bda9e6085b3e1c8e3c

SHA-256:
c2ee8e5f8d1f0b71d77337d11106bc0e7f626b30b1b1a3ca20001f861089ba40

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 9:58:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge.Nextup.Bundler (M)
16.2.13.8

File size:
594.5 KB (608,800 bytes)

Product version:
1.0.0.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flv2pcinstaller.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/22/2014 2:00:00 AM

Valid to:
5/23/2015 1:59:59 AM

Subject:
CN=Nextup, O=Nextup, STREET=10900 NE 8TH ST, STREET=STE 1000, L=Bellevue, S=WA, PostalCode=98004, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C705E6F899AC0C37A4458683DB2745BB

File PE Metadata
Compilation timestamp:
6/2/2014 11:38:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:R2+SkudwTvelQUvoCSo5EbrQtKg0Th2X7XKsHOn8eonqxq+t:+kuAeQUvNSoS0C4X9Qf4qxq0

Entry address:
0x22565

Entry point:
E8, A6, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, D8, EC, 47, 00, E8, 65, 2C, 00, 00, 6A, 0E, E8, E6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 54, 7F, 48, 00, BA, 50, 7F, 48, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, AD, B4, FF, FF, 59, FF, 76, 04, E8, A4, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 54, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, B2, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
 
[+]

Code size:
398.5 KB (408,064 bytes)

The file flv2pcinstaller.exe has been seen being distributed by the following URL.

Remove flv2pcinstaller.exe - Powered by Reason Core Security