gknqjtyk.acz.exe

Highlightly

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application gknqjtyk.acz.exe, “Highlightly Setup” by Highlightly, has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr9.com.
Publisher:
Highlightly  (signed and verified)

Product:
Highlightly

Description:
Highlightly Setup

Version:
1.9.0.3

MD5:
9792b59d99cb4c7fb638732d0eaf315d

SHA-1:
d2a1ce7af95f8a4b2bc1f792d955a47db8409d69

SHA-256:
c9697aaf8fc14caaf378a2537cf6ed68c448eeb2e54d54e3174a0f9b3fb67641

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/24/2024 4:00:18 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.NYA | 1023
Bitdefender | Adware.Agent.NYA | 1.0.20.535
Dr.Web | Adware.Plugin.101 | 9.0.1.0107
Emsisoft Anti-Malware | Adware.Agent.NYA | 8.14.04.17.12
F-Secure | Adware.Agent.NYA | 11.2014-17-04_5
G Data | Adware.Agent.NYA | 14.4.24
IKARUS anti.virus | AdWare.Agent | t3scan.1.6.1.0
Malwarebytes | PUP.Optional.HighLightly.A | v2014.04.17.12
MicroWorld eScan | Adware.Agent.NYA | 15.0.0.321
NANO AntiVirus | Trojan.Win32.Plugin.cumlto | 0.28.0.59288
nProtect | Adware.Agent.NYA | 14.04.17.03
Reason Heuristics | PUP.Installer.Highlightly.L | 14.4.17.12
Trend Micro House Call | TROJ_GEN.F47V0417 | 7.2.107

File size:
1.1 MB (1,101,008 bytes)

Product version:
1.9.0.3

Copyright:
(c) 2013 Highlightly

Original file name:
highlightly-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\gknqjtyk.acz.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/12/2014 4:03:11 PM

Valid to:
7/5/2015 4:25:40 PM

Subject:
E=support@gethighlightly.com, CN=Highlightly, OU=Highlightly, O=Highlightly, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212BBBE8825E5C9A20B6A396BBFD1C37FB

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:HKjswJ7+21mIx1TRxfDOaorYBfVbqycE0l+UzYZfqXI/X6:lwJC21me1HDOP03qhtwUifq2q

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.8530

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file gknqjtyk.acz.exe has been seen being distributed by the following URL.

Remove gknqjtyk.acz.exe - Powered by Reason Core Security