» installer_ares_spanish.exe
Overview
Analysis
File Details
Downloads (1)

installer_ares_spanish.exe

Tunorobemo

Bem

The application installer_ares_spanish.exe, “Tunorobemo Setup ” has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.grabtourstoday.com.

File name:

Publisher:

Bem

Product:

Tunorobemo

Description:

Tunorobemo Setup

Version:

3.2.1.7

MD5:

fe2c9426e2003553be4c97798d73cf96

SHA-1:

7529a46e582de216a14df976f43890ca7650fa76

SHA-256:

c98be6ac794853d188ffd2bc4bac9c76356e9dd0c4b391a3848e5d93b5da38e3

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 3:52:48 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160708-3

AVG

Win32/Sality

2015.0.4604

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Microsoft Security Essentials

Threat.Undefined

1.225.1590.0

Reason Heuristics

Adware.Bundler.ET (M)

16.7.17.2

File size:

1.1 MB (1,106,128 bytes)

Product version:

2.1.0

Installer

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\downloads\installer_ares_spanish.exe

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:DC7ssQCOOmBWN77+UtRzEJYabTZ8NKg9izYbTv6vRmxyu:DmRQYNeUthExPSNwoeg

Entry address:

0xA5F8

Entry point:

F6, C6, 15, 87, FB, 69, C9, DE, 8C, 9C, 32, FE, CA, 89, F6, 87, CE, 8A, C6, 51, 68, 3B, 3D, A7, 00, 69, DF, 07, 7A, D9, 31, 80, DD, AA, 8D, 15, 2F, 85, 67, 22, 69, E9, 5D, F3, 32, 4E, C7, C6, 34, 7C, D2, A4, 0F, B7, F9, E8, 00, 00, 00, 00, 8A, C3, 48, F3, 0F, BF, DA, FF, C8, 1C, C0, 88, CE, 32, D4, 8A, C9, F7, C5, DC, 5C, 3D, 59, F3, B8, EC, 7C, 00, 00, F3, 8B, FF, 0F, BE, D8, 35, 6D, 8C, 00, 00, 8D, 0D, E5, 63, 54, 37, C6, C5, A9, FE, CA, BA, F9, 19, FB, 38, F2, 84, F8, 69, FA, 40, FF, 33, 6B, 43, BF, 3C... 
[+]

Code size:

39.5 KB (40,448 bytes)

The file installer_ares_spanish.exe has been seen being distributed by the following URL.

http://www.grabtourstoday.com/WVl6OTRQV1kzY1hGcVMxaFpPR2RrVDBORWFUZGpORU5uVTJaRU1rUTBWbU4wVlhoMFVYRWxNa1pTYjA4eE4zbzFieVV6UkNaalBVMXhZVkpvZVZWWlNWTmxlQ1V5UW5oSVltaHBRME40UlZJMmRHZHFNSFZZTm01SldsRXliVWhsTlVadlJuZDBjMHBwWkV0VmFGZFJTREpaWTAxNmJFdFVjV3RsVEVwNGFUVXpSR3BUT0ZsV1VrTWxNa0p4WVhGaFduTXhNMVJFYm1acE5WVnRNblZPVTNKeVNURllSa3AyTm1WclMwRnBPRk0xVkZFM1pYRkVjRkZHUkNaa2IzZHViRzloWkVGelBXbHVjM1JoYkd4bGNsOWhjbVZ6WDFOd1lXNXBjMmd1WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2VHMXNhVzV6ZEdOd0xXWndiUzV3YjNKMFlXd3RabUZqZEc5eWVTNWpiMjBsTWtaamJXUWxNa1psY25KdmNsOXBZeTV3YUhBbE0wWjRjbWx3SlRORU1UYzVMalF3TGpReUxqSWxNalpqYjNWdWRISjVZVElsTTBSQlVpVXlObkJoY25SdVpYSWxNMFJUUlU4bE1qWnZjbWxuWlc0bE0wUlRSVThsTWpad2NtOW5jbUZ0SlRORVFYSmxjeVV5TmpOa2NHRnlkSGxmWTJoaGJtNWxiQ1V6UkZORlR6QXdXamxsTVRFd05ERTBaR1U0WTJVeU1XTTNOek13WlRjNFlXTmtaamt6TkdFeEpUSTJiM1VsTTBSb2RIUndKVEkxTTBFbE1qVXlSaVV5TlRKR1lYSmxjeTVqYjIwdVpYTWxNalprZFNVelJHaDBkSEFsTWpVelFTVXlOVEpHSlRJMU1rWmtiM2R1Ykc5aFpDNXBibk4wYzJWdkxtTnZiU1V5TlRKR2FXNXpkR0

Remove installer_ares_spanish.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.