gillian_flynn_verloren_vrouw_epub_downloader.exe

SimpleFiles Installer

Noverix Enterpriprise Ltd.

The application gillian_flynn_verloren_vrouw_epub_downloader.exe by Noverix Enterpriprise has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer.
Publisher:
New Monte Inc  (signed by Noverix Enterpriprise Ltd.)

Product:
SimpleFiles Installer

Version:
1, 0, 443, 1

MD5:
e5d81694491fc251f9376c9512b67a8d

SHA-1:
9559d2fe6ca3c0e99a96a2e86cf84d5461d0a086

SHA-256:
ecd3090adbe64ca619ace70ebd49a2ae299402a2d331aca43670c7ffa05e3c40

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/24/2024 10:35:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Blisbury (M)

Engine version:
17.1.28.12

File size:
3.6 MB (3,804,632 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://simple-files.com (C) 2014

Original file name:
SimpleFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\downloads\gillian_flynn_verloren_vrouw_epub_downloader.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/17/2012 1:00:00 AM

Valid to:
12/22/2014 1:00:00 PM

Subject:
CN=Noverix Enterpriprise Ltd., O=Noverix Enterpriprise Ltd., L=Road Town, S=Tortola, C=VG

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D69D58F1B3EF4A92C6AF2BCCB515EDD

File PE Metadata
Compilation timestamp:
12/5/2014 3:10:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x75B26B

Entry point:
54, C7, 04, 24, 23, 6C, C4, 8B, 9C, E9, 56, 2E, 00, 00, E0, FE, A8, 52, 08, 71, 41, 2B, 47, F8, 45, DF, 43, 0A, 86, F5, 73, F2, 4A, 93, CD, A2, B0, 17, 7E, B2, FB, 70, 62, 36, DA, B1, F3, 5F, C5, CD, 9F, C5, AA, E1, 5D, 8F, E2, 80, 58, A0, AB, C7, BC, 11, 13, 51, 85, 66, 37, 4C, D8, A4, E5, DC, 39, 36, 94, 07, 08, 7E, F0, 73, B0, D5, CB, 14, 96, EB, BF, 31, B9, E7, D4, C2, 59, C2, 96, E5, 6D, D6, 78, 7D, 03, 5C, 4A, 39, 0F, DE, 96, E9, 67, E1, 6F, 7B, 47, FD, 09, DA, BF, B9, F1, 0A, 7D, E9, 4A, FE, 0A, 35...
 

Code size:
969 KB (992,256 bytes)