getnow_downloader_for_google_chrome.exe

GetNow Download Manager

LiveSoftAction SRL

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application getnow_downloader_for_google_chrome.exe by LiveSoftAction SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
GetNow  (signed by LiveSoftAction SRL)

Product:
GetNow Download Manager

Version:
1.0.1.3

MD5:
243d3c3823f579967a8afffeef549a52

SHA-1:
392e161a4a77466f1d74ddbbdf89b3eb836b0fa8

SHA-256:
d850800d5385c20299187ae02cecc5227f14a001dc5879bdd6660f1c8577e40e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 7:29:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien.LiveSoftActionSRL.Bundler (M)
15.7.26.12

File size:
336.7 KB (344,808 bytes)

Product version:
1.0.1.3

Copyright:
(c) GetNow. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\getnow_downloader_for_google_chrome.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/27/2012 10:34:53 AM

Valid to:
4/28/2014 10:34:53 AM

Subject:
CN=LiveSoftAction SRL, O=LiveSoftAction SRL, L=Bucharest, S=ROMANIA, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121270BFB2109FEE668AFBFDC336562CD2D

File PE Metadata
Compilation timestamp:
5/21/2012 11:29:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:U67VpBMW8bloqrHyeiVdu6Ma1x3AdWWubhTe9Rj2nO8f6P9:B7uW2LMGcx3bbS79

Entry address:
0x96C80

Entry point:
60, BE, 00, 80, 46, 00, 8D, BE, 00, 90, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.0905

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
188 KB (192,512 bytes)

Remove getnow_downloader_for_google_chrome.exe - Powered by Reason Core Security