little_disk_cleaner_12_21_2012.exe

Little Disk Cleaner

Nicholas Hamnett

The application little_disk_cleaner_12_21_2012.exe, “Open source disk cleaner” by Nicholas Hamnett has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from getlittleapps.com.
Publisher:
Little Apps  (signed by Nicholas Hamnett)

Product:
Little Disk Cleaner

Description:
Open source disk cleaner

Version:
1.0.0

MD5:
d0be1ea728c7918443db07a4431cc1fb

SHA-1:
7fe11fefbf3c2d6251e88af02ea3d14d255943a1

SHA-256:
6ae720367314c9ca53490d22c4a3a7aed6c86997ebdcb1996a79b5a6f7e30384

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 5:33:29 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Trojan.Generic.11672330
858

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.174.218

avast!
NSIS:OutBrowse-D [PUP]
2014.9-140930

Bitdefender
Dropped:Trojan.Generic.11672330
1.0.20.1365

Dr.Web
Trojan.Packed.28709
9.0.1.0273

Emsisoft Anti-Malware
Dropped:Trojan.Generic.11672330
8.14.09.30.06

ESET NOD32
Win32/OutBrowse.AJ (variant)
8.10469

F-Secure
Dropped:Trojan.Generic.11672330
11.2014-30-09_3

G Data
Dropped:Trojan.Generic.11672330
14.9.24

IKARUS anti.virus
PUA.MSIL.Rebrand
t3scan.1.7.8.0

MicroWorld eScan
Dropped:Trojan.Generic.11672330
15.0.0.819

NANO AntiVirus
Trojan.Win32.OutBrowse.deinil
0.28.2.62286

Reason Heuristics
PUP.Optional.NicholasHamnett.EE
14.10.1.11

Trend Micro House Call
Suspici.12797D5E
7.2.273

File size:
4.1 MB (4,313,016 bytes)

Copyright:
Copyright © Little Apps 2008

Trademarks:
Little Apps are licensed under the GNU General Public License v3

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\little_disk_cleaner_12_21_2012.exe

Digital Signature
Authority:
StartCom Ltd.

Valid from:
4/11/2014 2:07:27 AM

Valid to:
4/10/2016 6:06:36 AM

Subject:
E=nick@little-apps.org, CN=Nicholas Hamnett, L=Calgary, S=Alberta, C=CA, Description=9k6ekwkCO7QG1GnN

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0E0C

File PE Metadata
Compilation timestamp:
4/10/2010 8:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:VoekPbSmuqkriBedgI8sFM1kdrfodas3kC9VVofrKRYJ8Wn:VcPbS/ri4CNsJrQdaCzGrgYJJ

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.9983

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file little_disk_cleaner_12_21_2012.exe has been seen being distributed by the following URL.

Remove little_disk_cleaner_12_21_2012.exe - Powered by Reason Core Security