legendas.exe

Legendas 2.32

GT CONSULTORIA EM INFORMATICA LTDA

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application legendas.exe, “Legendas 2.32 Setup” by GT CONSULTORIA EM INFORMATICAA, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.subtitles4free.net and multiple other hosts.
Publisher:
LegendasBrasil.com.br   (signed by GT CONSULTORIA EM INFORMATICA LTDA)

Product:
Legendas 2.32

Description:
Legendas 2.32 Setup

MD5:
3a34a466d7c57f831b49b570a6a449f0

SHA-1:
9cf1cf666b7f75722c3a8e89c5a0da07c9fb4ee3

SHA-256:
5fb9056cdd2d2025add1d727634f74352d774ff41ab3ce8c95a160ea22e2c904

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 1:12:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.GTCONSULTORIAEMINFORMATICAA.I

Engine version:
15.1.4.13

File size:
2 MB (2,071,872 bytes)

Product version:
2.32

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\legendas.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/4/2013 9:00:00 PM

Valid to:
6/23/2014 9:00:00 AM

Subject:
CN=GT CONSULTORIA EM INFORMATICA LTDA, O=GT CONSULTORIA EM INFORMATICA LTDA, L=Juiz de Fora, S=Minas Gerais, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06078E7C0FFB7F5B89A9F5369710BC1E

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:x9YTtZQpPTx+Gg5DP/xMecUg/XEHP3/lntfRgK1:vYTcPdbKrxMecUgcHP3dnp1

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file legendas.exe has been seen being distributed by the following 8 URLs.

http://www.subtitles4free.net/download.php?software=Legendas232

http://i1.proffiiget.in/.../Legendas231.exe
