» h-alarm-setup.exe
Overview
Analysis
File Details
Downloads (1)

h-alarm-setup.exe

Rational Thought Solutions

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application h-alarm-setup.exe by Rational Thought Solutions has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

h-alarm-setup.exe

Publisher:

Rational Thought Solutions (signed and verified)

MD5:

64b8e24f1c17cb6df3f73bc07c4a9fcc

SHA-1:

75ab086afaaf6c4988b3a05a454e29be496d5f41

SHA-256:

f37689784fa83d559eca9b42ffbaf418e86bdc4d4e55ced96103f58078e9ba13

Scanner detections:

27 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

11/6/2024 2:18:42 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.1351279

582

Agnitum Outpost

PUA.PullUpdate

7.1.1

AhnLab V3 Security

PUP/Win32.OpenCandy

2015.06.16

Avira AntiVirus

ADWARE/Adware.Gen7

8.3.1.6

Arcabit

Application.Generic.D149E6F

1.0.0.425

AVG

Generic_r

2016.0.3060

Baidu Antivirus

Adware.MSIL.PullUpdate

4.0.3.1573

Bitdefender

Application.Generic.1351279

1.0.20.920

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Yontoo.68

9.0.1.0184

ESET NOD32

MSIL/Adware.PullUpdate

9.11793

Fortinet FortiGate

Adware/PullUpdate

7/3/2015

F-Secure

Application.Generic.1351279

11.2015-03-07_6

G Data

Application.Generic.1351279

15.7.25

IKARUS anti.virus

AdWare.Agent

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.205.16253

Malwarebytes

PUP.Optional.HealthAlert.A

v2015.07.03.12

MicroWorld eScan

Application.Generic.1351279

16.0.0.552

NANO AntiVirus

Riskware.Win32.Yontoo.dqmtwk

0.30.24.2086

Panda Antivirus

PUP/PullUpdate

15.07.03.12

Qihoo 360 Security

HEUR/QVM42.1.Malware.Gen

1.0.0.1015

Quick Heal

PUA.MSJDGBTIR.OD6

7.15.14.00

Reason Heuristics

PUP.Injekt.RationalThoughtSolutions.Installer (M)

15.7.3.0

Rising Antivirus

PE:Adware.PullUpdate!6.258A

23.00.65.15701

Trend Micro House Call

Suspicious_GEN.F47V0612

7.2.184

Vba32 AntiVirus

AdWare.SaMon

3.12.26.4

VIPRE Antivirus

Injekt

41178

File size:

4.3 MB (4,459,376 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\h-alarm-setup.exe

Digital Signature

Signed by:

Rational Thought Solutions

Authority:

Symantec Corporation

Valid from:

1/23/2015 10:00:00 PM

Valid to:

4/24/2016 8:59:59 PM

Subject:

CN=Rational Thought Solutions, O=Rational Thought Solutions, L=St. James, S=St. James, C=BB

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

00B81C1C4DB6AD87B9B581116F115E4C

File PE Metadata

Compilation timestamp:

6/6/2009 6:41:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:+OTi8t+25sTl8qGk5zsezewGa5oWO4udcnQdn36t8Rat+25sTl8G:nie+3lDGUYOGa5oL4u+Q+6w+3ld

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file h-alarm-setup.exe has been seen being distributed by the following URL.

http://secured.westsecurecdn.us/.../H-Alarm-Setup.exe

Remove h-alarm-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.