moviedea_automatic_test4_10528.exe

The application moviedea_automatic_test4_10528.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from secured.cdnawbwest.us.
MD5:
b8698ded85a64488557054f895c171c5

SHA-1:
b15d4bee72d098494e5f019dda1ecfcbe3552b15

SHA-256:
0b0b6a03eac0ddbe6ee1f0e520911e63ea217c2a3be70ebbf2f5b9f8f0442310

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 3:41:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | PUA/InstallMonetizer.Gen | 8.3.2.4 |
| AVG | AdInstaller | 2017.0.2769 |
| Baidu Antivirus | Hacktool.NSIS.SilentInstall | 4.0.3.16419 |
| ESET NOD32 | Win32/InstallMonetizer.BJ potentially unwanted | 10.12655 |
| G Data | NSIS.Application.Admonetizer | 16.4.25 |
| IKARUS anti.virus | not-a-virus:Downloader.SilentInstall | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.212.18026 |
| Kaspersky | not-a-virus:Downloader.NSIS.SilentInstall | 14.0.0.338 |
| Malwarebytes | PUP.Optional.CheckOffer | v2016.04.19.08 |
| McAfee | Artemis!B8698DED85A6 | 5600.6425 |
| Microsoft Security Essentials | SoftwareBundler:Win32/InstallMonetizer | 1.1.12300.0 |
| NANO AntiVirus | Riskware.Win32.InstallMonetizer.dymuwe | 0.30.26.4751 |
| Panda Antivirus | Trj/CI.A | 16.04.19.08 |
| Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.InstallMonetizer.ET (M) | 16.4.19.8 |
| Sophos | AppMonetizer Installer (PUA) | 4.98 |
| SUPERAntiSpyware | Adware.InstallMonetizer/Variant | 9194 |
| Trend Micro | TROJ_GEN.R047C0OKL15 | 10.465.19 |
| Vba32 AntiVirus | Downloader.SilentInstall | 3.12.26.4 |
| VIPRE Antivirus | Adware.Adinstaller | 45552 |
| ViRobot | Adware.Installmonetizer.228614[h] | 2014.3.20.0 |

File size:
223.3 KB (228,614 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\moviedea_automatic_test4_10528.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:SFJ0SOlm7pJ59E6rTUadigTZyt5q2pd5A8Wwk:IH7pBxddZybJd5A80

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file moviedea_automatic_test4_10528.exe has been seen being distributed by the following URL.
