fsecure.bagleaz.removal.tool_pcworld_downloader_3021_pc.exe

International Data Group Poland S.A.

The application fsecure.bagleaz.removal.tool_pcworld_downloader_3021_pc.exe by International Data Group Poland S.A. has been detected as adware by 13 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from www.pcworld.pl and multiple other hosts.
Publisher:
International Data Group Poland S.A. (signed and verified)

Version:
2.2.2.0

MD5:
ff0cd0d8da31a9e28cfbe4aa5c311ba2

SHA-1:
cd1ea49cc06cd73fde724f9652e50c3fa11f89c3

SHA-256:
8fbf807b7f535679529f076486306b642eb1c522c2f9617759f13af1d036eabb

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 1:24:51 PM UTC

Scan engine                    | Detection                                    | Engine version
-------------------------------|----------------------------------------------|---------------
AhnLab V3 Security             | Win32/Kashu.E                                | 2015.03.19
avast!                         | Win32:SaliCode                               | 2014.9-150319
Comodo Security                | TrojWare.Win32.TrojanDownloader.banload.ek3  | 16260
Dr.Web                         | DLOADER.Trojan                               | 9.0.1.0208
IKARUS anti.virus              | AdWare.Gen2                                  | t3scan.1.8.6.0
K7 AntiVirus                   | Virus                                        | 13.201.15304
Microsoft Security Essentials  | Threat.Undefined                             | 1.193.2708.0
Norman                         | Sality.ZHB                                   | 11.20150319
Reason Heuristics              | PUP.InternationalDataGroupPolandSA           | 15.3.20.19
Rising Antivirus               | PE:Win32.KUKU.kt!1591113                     | 23.00.65.15317
Trend Micro House Call         | PE_SALITY.RL                                 | 7.2.78
Trend Micro                    | PE_SALITY.RL                                 | 10.465.19
VIPRE Antivirus                | Threat.4721115                               | 38552

File size:
2 MB (2,127,552 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\downloads\fsecure.bagleaz.removal.tool_pcworld_downloader_3021_pc.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/3/2012 2:00:00 AM

Valid to:
7/25/2013 1:59:59 AM

Subject:
CN=International Data Group Poland S.A., O=International Data Group Poland S.A., L=Warszawa, S=mazowieckie, C=PL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6449CCE113496CFF0A184DD37F8C47BC

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:LX+X4PkX9kO6wyaWQ4PnY9ALXIMawNIvur/DHdzW3a:LX5lObyar4PnYeXIdwNaur/zdzwa

Entry address:
0x295B70

Entry point:
60, BE, 00, C0, 4E, 00, 8D, BE, 00, 50, F1, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90LZMA

Code size:
1.7 MB (1,744,896 bytes)

The file fsecure.bagleaz.removal.tool_pcworld_downloader_3021_pc.exe has been seen being distributed by the following 7 URLs.

http://www.pcworld.pl/ftp/downloader/.../20759.html