mainpackfa2703.exe

Terra Firma Internet Consulting LTD

The application mainpackfa2703.exe by Terra Firma Internet Consulting has been detected as adware by 4 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder, and the file has been observed being downloaded from files.download1click.ws.
Publisher:
Terra Firma Internet Consulting LTD  (signed and verified)

MD5:
116255f0adb5077a39fc5ee3f7d889b4

SHA-1:
1ddbca85711d082f665c0145b8e5117bdffdf19e

SHA-256:
717e771afe6d80981b21825497911ebaaf2fdda6c0695f854645361ef0bbc49c

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/16/2024 9:29:24 AM UTC

Scan engine        Detection                            Engine version
avast!             Win32:Downloader-UHI [PUP]           2014.9-140210
Comodo Security    Application.Win32.Downware.G         17663
Dr.Web             Adware.Downware.627                  9.0.1.041
Reason Heuristics  PUP.TerraFirmaInternetConsulting.O   14.8.7.23

File size:
784.7 KB (803,512 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mainpackfa2703.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2012 1:00:00 AM

Valid to:
5/15/2013 12:59:59 AM

Subject:
CN=Terra Firma Internet Consulting LTD, O=Terra Firma Internet Consulting LTD, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A1E86793244EC30F46537E0AE0F0FB3

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:WUkJRyu1nUebC8ztZcEfSfzPPgBrHj3fmf:WNJIu1nUeugfmbgh7fmf

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mainpackfa2703.exe has been seen being distributed by the following URL.
