minilyrics.exe

Web Program

C.M.A.A.G Proactive And Investments Ltd

The application minilyrics.exe, “Web Program Setup” by C.M.A.A.G Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.towerssendsign.com.
Publisher:
Installer (signed by C.M.A.A.G Proactive And Investments Ltd)

Product:
Web Program

Description:
Web Program Setup

Version:
5.2.2.2

MD5:
cfc3d3727159da8e8127f944a6d0e4f3

SHA-1:
46eff98f8d6e00cd7df93023787bf59329198028

SHA-256:
d484351f29108027313b67832f728117a01657dfcab004df398c61c9ae019ae6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/8/2024 8:50:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.2.14.5

File size:
1004.2 KB (1,028,304 bytes)

Product version:
4.1.9

Copyright:
Software Web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minilyrics.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/11/2015 3:50:33 PM

Valid to:
11/11/2016 3:50:33 PM

Subject:
E=haim@c-m-a-a-g.com, CN=C.M.A.A.G Proactive And Investments Ltd, O=C.M.A.A.G Proactive And Investments Ltd, S=TEL AVIV-JAFFA, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CDD91A3A55F758D4D90BF9D5D6AD02EE

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9177

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file minilyrics.exe has been seen being distributed by the following URL.

http://www.towerssendsign.com/c?x=Cp99Sx9IP/c9QhQ5wDMF96nr/956i1FJhTu8cg1oeI4=&c=Buq1Naul7GQzTocjTgW0X1tsWFkXzVsjfP0Vz/dCn2FPKx6TXKlPTlgC3lknVX8IsKr7rQ/eUJcFne4eiRMUpXGaRcD 7GyS9iUSNf4Wt0 nCgR3XkZku 6qrOzox7OkSfuFnj6t LCxNNu6rqsOBw==&downloadAs=minilyrics.exe&fallback_url=http://id.downloadastro.com/.../?utm_source=ira&utm_medium=error_generating&utm_campaign=minilyrics
