home

intel-gma-3100-15.12.75.4.64.1930.exe

Toggle Downloader

Bibado Investments, S.L.

The application intel-gma-3100-15.12.75.4.64.1930.exe by Bibado Investments, S.L has been detected as adware by 0 anti-malware scanners. The program is a setup application that uses the Bibado Downloader installer. The file has been seen being downloaded from www.presenttodaycenter.com.
Publisher:
Bibado Investments, S.L.  (signed and verified)

Product:
Toggle Downloader

Version:
1.0.5.52934

MD5:
53a5c449fdae0da0b377398b8e43ce69

SHA-1:
89cfb48e8a1cee212261cdb3b204c8cc5dfa20d9

SHA-256:
79ca6c8a13f185979687aae0f2662a8eeeed27418a64f815085a84cf7a4826d3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/15/2024 9:27:55 AM UTC  (today)

File size:
1.2 MB (1,275,336 bytes)

Product version:
1.0.5.52934

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\intel-gma-3100-15.12.75.4.64.1930.exe

Digital Signature
Signed by:
Bibado Investments, S.L.

Authority:
GlobalSign nv-sa

Valid from:
1/13/2016 2:57:03 AM

Valid to:
4/2/2017 9:32:01 PM

Subject:
CN="Bibado Investments, S.L.", O="Bibado Investments, S.L.", L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121212301396FAE08B19C17F8D9578163C9

File PE Metadata
Compilation timestamp:
2/19/2016 12:13:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:exmdsKWEqY0axg2TjCfH5orzzog3V3sltXyTBXWSwlvPd2:ewXUMZEozzog3V8nCdSvA

Entry address:
0x12F91E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8258

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,235,456 bytes)

The file intel-gma-3100-15.12.75.4.64.1930.exe has been seen being distributed by the following URL.

http://www.presenttodaycenter.com/c?x=OdIqVcylHSTsbEB03 MydTEPfqcB1eFEPGieemNag5s=&c=u5ydUzIlKjMbOBIz0TYRQy3ZRRoWZXVtBFQgMNakIIj5hZz6CFC1Q87QmCRufl9yzSIbjfA TXa llg7rVBlbAffhkCBIZY2tSdOCPasSTdI3CSYp3/1Dd5H4zT9KqYm&downloadAs=intel-gma-3100-15.12.75.4.64.1930.exe&fallback_url=http://pf.benjaminstrahs.com/s/1456370634/en/.../2/221273-1796890-intel-gma-3100.exe

Remove intel-gma-3100-15.12.75.4.64.1930.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.