javaplugin.exe

Lote

Perets Smart, TOV

The application javaplugin.exe, "Lote Setup" by Perets Smart, TOV, has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners; the single hit is a heuristic detection of the InstallCore wrapper, which is a strong indication that the file is a potential threat. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions, alongside whatever the user intended to install. Note that the file name javaplugin.exe matches neither the product name (Lote) nor the publisher; it is not an Oracle Java component. The file has been seen being downloaded from www.toursbitsbyte.com.
Publisher:
Lucodeh (signed by Perets Smart, TOV)

Product:
Lote

Description:
Lote Setup

MD5:
de93f2599bf74979936fbc942f07de28

SHA-1:
de6a803b4ded55d84353cd0501553c5260e63c12

SHA-256:
0445e5aa7e2a18a254d7b0c2e8d594cc0dcbee0830879efb2982f9b936d4655c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 8:21:24 AM UTC

Scan engine         Detection             Engine version
Reason Heuristics   PUP.InstallCore (M)   17.3.16.0

File size:
949.3 KB (972,064 bytes)

Product version:
4.6.2

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\javaplugin.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2016 5:00:00 PM

Valid to:
5/26/2017 4:59:59 PM (expired well before the 2024 analysis date; the signature only still validates if the file carries a trusted timestamp countersignature from within this window)

Subject:
CN="Perets Smart, TOV", OU=IT, O="Perets Smart, TOV", STREET="Bud. 8 kv. 60, bul. Lesi Ukrainky", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
13E2E656DC165E1ACE084B816FB003FB

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM (1992-06-19 22:22:17 UTC; this is the constant stamp written by the Borland/Delphi linker used by Inno Setup, not the real build time, so it cannot be used to date the sample)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9334 (near the 8.0 maximum, as expected for an installer whose payload is stored compressed; high entropy alone does not distinguish a packed installer from packed malware)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
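The hashes, PE metadata and installer classification above are the checks an analyst reproduces before trusting a report. The following Python script is an added example, not part of the original report or of Reason Core Security's tooling: it hashes a file against the IOCs listed on this page, reads the COFF TimeDateStamp and flags the fixed Delphi/Inno Setup value, computes Shannon entropy, and looks for an Inno Setup marker string. The marker string, the entropy threshold and the synthetic sample built by build_sample() are assumptions constructed for the demonstration; the real file is not embedded.

```python
"""Triage helper for an Inno Setup / InstallCore sample (added example)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone
from typing import Dict, Optional

# IOCs copied from the report above.
IOCS = {
    "md5": "de93f2599bf74979936fbc942f07de28",
    "sha1": "de6a803b4ded55d84353cd0501553c5260e63c12",
    "sha256": "0445e5aa7e2a18a254d7b0c2e8d594cc0dcbee0830879efb2982f9b936d4655c",
}

# Constant TimeDateStamp written by the Borland/Delphi linker used by Inno Setup:
# 1992-06-19 22:22:17 UTC. Its presence means "build time unknown", not 1992.
DELPHI_STAMP = 0x2A425E19
# Heuristic marker (assumption: Inno Setup loaders carry this text in clear).
INNO_MARKER = b"Inno Setup"
# Entropy above which we call the file packed/compressed (assumed threshold).
PACKED_THRESHOLD = 7.5


def hashes(data: bytes) -> Dict[str, str]:
    """MD5 / SHA-1 / SHA-256 of the bytes, hex-encoded, keyed like IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_iocs(data: bytes) -> bool:
    """True only if every listed hash agrees; one mismatch means a different file."""
    h = hashes(data)
    return all(h[k] == v for k, v in IOCS.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_timestamp(data: bytes) -> Optional[int]:
    """Read the COFF TimeDateStamp; None if the buffer is not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Signature (4) + Machine (2) + NumberOfSections (2) precede the stamp.
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def triage(data: bytes) -> dict:
    """Collect the same facts the report lists, plus the caveats that go with them."""
    ts = pe_timestamp(data)
    ent = shannon_entropy(data)
    return {
        "ioc_match": matches_iocs(data),
        "timestamp": ts,
        "timestamp_utc": (datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
                          if ts is not None else None),
        "delphi_stamp": ts == DELPHI_STAMP,   # True => stamp is meaningless
        "inno_marker": INNO_MARKER in data,
        "entropy": round(ent, 4),
        "likely_packed": ent > PACKED_THRESHOLD,
    }


def build_sample() -> bytes:
    """Constructed stand-in for an Inno Setup loader (not the real file): MZ stub,
    PE/COFF header carrying the Delphi stamp, the marker string, and a
    deterministic high-entropy payload standing in for the compressed setup data."""
    e_lfanew = 0x80
    mz = bytearray(e_lfanew)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, e_lfanew)
    # Machine=i386, 1 section, TimeDateStamp, no symbols, no optional header, flags.
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_STAMP, 0, 0, 0, 0x0102)
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                       for i in range(4096))
    return bytes(mz) + coff + INNO_MARKER + b" Setup Data\0" + payload


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for k, v in triage(blob).items():
        print(f"{k:14} {v}")
```

Run it with a file path to check a real download against the listed hashes; with no argument it triages the constructed sample, which reports the Delphi stamp and near-maximal entropy but, as expected, no IOC match.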

The file javaplugin.exe has been seen being distributed by the following URL.

http://www.toursbitsbyte.com/IA2HzzEGhBSb48qAWXDFdDjPIIGjJ8f3onVqNsDu7zmzehYOCg9O2yOgCogxEjuZSGbUD1L5KPkT2Lqj4EONZkEfLK_3w6Bcbajy3Kbm980u9dxOgT1MYC2wJ4072dwDVDAQbkrbjatRlsT45xtldQOlG9VCbVEWf9V8r4jNFjaONUgquXoq7fjlayDUFndFhhf4q2aQAWe8ZqE2KiQhmELmXe443bLpsH1UxzcbCuyPKA_hz8FQnbTzWqcIyNIp4A9nySivJhBEkUBHrzMPz1JQMGAXcH8jGHKDgDptGkQ8MN3lmyBDYDAsJURIvpKWlimyxYNk6GC3SEwt8nv0DsmXL7wbXTbz9BPI_8uga4DJD1w5vrMsBadXYWh_Vs7j8IVpGCpTeWLwtO9lafXmWwxB4FSxkn3L0APgg2hNXXw4PRYr4IMg9kcLFvO5antTvU4Ix3T64XwdPJV7l6was60jOfFW8R4Rn1QQ8UQKzj2ny1f2pw6c25MoisSi5kohUX7tGtUYxgoVm7zUFKyTSzqVXopVgLbkuiImqDZOJDt33aicHfbm_wi_EPxB9v6AANEVSUBwm4n5LRgpEMPQCdQQQ8MklG8aSUnVnoLsXKmk9_6jfQQTAQTYGp0tOcSc9ILpkULhZ6muP3I5WKeRNe_Fqq2R95dPQlIci34EWwOKInNBKDQwyfwS_hvhAD24PGWZpMn90y3h16fTTQSrC9Ky69zyKEZlus7uxHPUujDkaH8sFMg34H3rvEmhS7LYVzamHLLU7_FNm47rg5ruK78kPDzxKJBvTqilO9ynyJu8pZ42CpEe32VXWsyz4RHUYlKosMrNLfnOPDIK_0Gw==-GzwAAORtm8QRt34QeNKWgliEI3qQjZpSCIJdikaFPK_Y7pmOI3gMDtNyNbk3FCFVZqRr_oAXkC

Remove javaplugin.exe - Powered by Reason Core Security