javaplugin.exe

Lote

Perets Smart, TOV

The application javaplugin.exe, "Lote Setup" by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.funcycledownload.com.
Publisher:
Lucodeh (signed by Perets Smart, TOV)

Product:
Lote

Description:
Lote Setup

MD5:
63cd447996042a41cee343195d5a7ca2

SHA-1:
5a091ea62c3f606c6dbc2518485c16f294de2f01

SHA-256:
2d9b0a51c788364435865c4bd28b7784d2ac8342a7efaf74dba66eb88a641e50

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 9:00:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.0

File size:
949.3 KB (972,064 bytes)

Product version:
4.6.2

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\javaplugin.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 5:00:00 PM

Valid to:
5/26/2017 4:59:59 PM

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9334

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file javaplugin.exe has been seen being distributed from the following URL.

http://www.funcycledownload.com/EHTcZ3wieWifuaqkZy16poiMzFIRQZBEjP22wxQ5yOjUWfkDvCQ17SlFsS9tq5o0oBzJYY9swPynG9ZN5idOxqLpNPhAzDRoEUXtWTzGzHibTM_DKERuIgZBemdb3qoUefqZvcy7YZxXIsosL6JOxvONPdkVPZJT_GtdMS1jGRSuDswGP1I7h7WzktOsib2IG_ul0fsDU5v__27iqS1hWLIDSs3DAZgmmbdvFWDwLGiltMQho9E7kFK4_pnWTr7Bm7DQaEqUUeWMQ2nXObwkfPZOrHs4jPWC2Q7OfZ24RMREihr4HmmGat_IWn5u1FNrl4HIcAUHY9GbxVIamoHB0NSz2WgF0nJ2sQKq2Z7BXaqs8YiyZW_AA4rDvcmLv0bkXckAThbmgS62kuz4kGoEULKH3UyfA3bOBAKks6syJX2Cyl4lZBlCLdZLcd36zCgpFuvDRGom9S_MCuzf_nyJv2sMeOHDyOXjPTZXugnSFrvOQyMqRQNFiQCfh9vYHcuAHSoNq1SK3qXgULonMacmnltTJiFS24a3KaIASAm5pzVzgZdDwUNfbyLb8ToUcGes4d07kpeOUBpkbw7HLztFh2zQp6AjEjA5XrFFVZKAI22yUlCKk83KrpDmddwZt6med8qyEOQ6Yr7kF5Az24cofUpwEdZD3Xn3MxzA4ZYzNPCpALWU0lmhPDciIWf44CXTN9WCyJlecXf9PWV072mcICf3GABB5t8UWih6oTOXktyenr9EzHRp32JO4YUULbC3nvt2w8JP1u_lZfmm9lGKe82h_1h7qLHSEjKiD5eTEQm9oYzzp8FWt2oIRo4GwpdepKbrIiXkVZAa8L0t2A==-GzwAAORtm8QRt34QeNKWgliEI3qQjZpSCIJdikaFPK_Y7pmOI3gMDtNyNbk3FCFVZqRr_oAXkC

Remove javaplugin.exe - Powered by Reason Core Security