microsoft works 6 0 downloader__3687_i1920188329_il107856.exe

Mega Boost

Chivas

The application microsoft works 6 0 downloader__3687_i1920188329_il107856.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.kafiridovishness.site.
Publisher:
Chivas

Product:
Mega Boost

Description:
fast install

Version:
109.192.52.66

MD5:
c80a36dbcb81ea638f5f002845a34e02

SHA-1:
2482872401f21e0bf459642e9d6b0476d6c91268

SHA-256:
9cf6eec716cfd33a1a8c63c2b06a5652ec85842acd8227bd0be2a9db0c45e80d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 4:41:46 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Adware.InstallMonetizer.Chivas.Installer.Meta (M) | 16.5.26.11

File size:
1 MB (1,078,784 bytes)

Product version:
109.192.52.66

Copyright:
Copyright 2016

Trademarks:
Pepcyc

Original file name:
tinyinstall.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\microsoft works 6 0 downloader__3687_i1920188329_il107856.exe

File PE Metadata
Compilation timestamp:
5/23/2016 4:53:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:UgyklB/+atp+1wKDChu75DysucCpNOkNwfAfZkm:Ug93+13C8ZIcCpNDZ

Entry address:
0x5DDF

Entry point:
E8, 85, 51, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 70, F4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 70, F4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, 58, F4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, 58, F4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...
 

Code size:
114 KB (116,736 bytes)

The file microsoft works 6 0 downloader__3687_i1920188329_il107856.exe has been seen being distributed by the following URL.