metainstaller_aartemis_2013111118266.exe

metainstaller_aartemis

Skytouch Technology Co., Limited

The application metainstaller_aartemis_2013111118266.exe by Skytouch Technology Co., Limited has been detected as adware by 3 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. It is typically executed from an Internet Explorer cache folder, and the file has been observed being downloaded from download.instcdn.com.

Publisher:
Skytech Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
metainstaller_aartemis

Description:
Skytech

Version:
3.0.2.3001

MD5:
11d129402b3e6c653359c7d0ae46c14c

SHA-1:
c71493a0ac1ca829fdd0bb34f7e79aab87b830f7

SHA-256:
7ce18cdb566dc2daeb97990fe8b0a2c1ea5f118f7862b743c801d8a85d50492f

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/26/2024 9:43:56 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Mutabaha.41 | 9.0.1.0364
Malwarebytes | PUP.Optional.Aartemis.A | v2013.12.30.07
Reason Heuristics | PUP.Installer.SkytouchTechnologyCoLimited.e | 14.3.20.14

File size:
551.1 KB (564,376 bytes)

Product version:
3.0.2.3001

Copyright:
Skytech Copyright (C) 2013

Original file name:
Main.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\metainstaller_aartemis_2013111118266.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 7:52:17 AM

Valid to:
7/9/2014 10:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
11/7/2013 8:14:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:RYY8dpM3tsr3OaWCAcftf+mCl2oPsV/NZpTBLRsumzRdglpMOL2vNR:i7pM3tsfmL2oPsV/r3u/mvL2v

Entry address:
0x301F9

Entry point:
E8, D6, BB, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 10, 88, 46, 00, 85, C0, 75, 1D, E8, 7A, 91, 00, 00, 6A, 1E, E8, D0, 91, 00, 00, 68, FF, 00, 00, 00, E8, 47, 43, 00, 00, A1, 10, 88, 46, 00, 59, 59, 85, F6, 74, 04, 8B, CE, EB, 03, 33, C9, 41, 51, 6A, 00, 50, FF, 15, 38, 01, 45, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5B, 39, 05, 28, 8A, 46, 00, 74, 0D, 56, E8, D7, 6C, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 32, 11, 00, 00, 89, 18, E8, 2B, 11, 00, 00, 89, 18, 8B...

Code size:
315 KB (322,560 bytes)

The file metainstaller_aartemis_2013111118266.exe has been seen being distributed by the following URL.
