motosimsetup.exe

ProfitServis LLC

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and that may be installed with minimal consent. The application motosimsetup.exe by ProfitServis has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the ProfitServis Downloader installer. The file has been seen being downloaded from rum11l1790xbbjf.rockproof.ru.
Publisher:
ProfitServis LLC  (signed and verified)

Version:
1.0.0.0

MD5:
f4838ecd7b4e4b9df82140e1983967a3

SHA-1:
4d5bfa76a5a7f8aba438b7e4a59650058ab5c389

SHA-256:
3f7a79574a3c181a9034dadef9670fb46e17ebb26f62f3eb8be0e36b608c4410

Scanner detections:
16 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/1/2024 3:30:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallMonster | 2014.09.23 |
| Avira AntiVirus | APPL/InstallMon.enib | 7.11.173.232 |
| avast! | InstallMonstr-FY [PUP] | 2014.9-141104 |
| AVG | Generic | 2015.0.3354 |
| Dr.Web | Trojan.InstallMonster.953 | 9.0.1.0254 |
| ESET NOD32 | Win32/InstallMonstr.FO (variant) | 8.10451 |
| F-Prot | W32/A-4193a7fa | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.183.13451 |
| NANO AntiVirus | Trojan.Win32.Agent.deqogs | 0.28.2.62286 |
| Norman | InstallMonstr.S | 11.20140911 |
| Reason Heuristics | PUP.Installer.ProfitServis.M | 14.9.26.15 |
| Sophos | Install Monster | 4.98 |
| Vba32 AntiVirus | Signed-Downware.InstallMonstr | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33120 |

File size:
2.6 MB (2,774,880 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
ProfitServis Downloader

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2014 6:00:00 AM

Valid to:
5/22/2015 5:59:59 AM

Subject:
CN=ProfitServis LLC, O=ProfitServis LLC, L=Village of Kommunar, S="Kharkiv District, Kharkiv Region", C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
259670E42586FCE460513727E39AB7DF

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:mpbdPtHPpGOEakNOUATvVWMZtEjRnSmIKKPdeKYsWI:wRNPLE3lAT9WMZ+1NIKKFe2

Entry address:
0x591F00

Entry point:
60, BE, 00, D0, 7A, 00, 8D, BE, 00, 40, C5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
1.9 MB (1,990,656 bytes)

The file motosimsetup.exe has been seen being distributed by the following URL.
