_mtb357479282353432732012.exe

aTube Catcher

DsNET Corp.

The application _mtb357479282353432732012.exe by DsNET has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from download1724.mediafire.com and multiple other hosts.
Publisher:
DsNET Corp  (signed by DsNET Corp.)

Product:
aTube Catcher

Version:
2.7.778

MD5:
16ba8c49815b5b5cba4a2d4d635c9b91

SHA-1:
a271d9807c3dd1577be2f67e737af8d499358a4b

SHA-256:
0293bc6566905f6e2be668e3357f18a443c722bac9bfdd3725eb271f8ec4f5c4

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
11/23/2024 10:19:12 AM UTC

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.131225

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
7.9280

Malwarebytes
PUP.Optional.OpenCandy
v2013.12.25.11

Reason Heuristics
PUP.DsNET.aTube.Meta (M)
16.6.9.12

Rising Antivirus
PE:Trojan.VBInject!1.6546
23.00.65.131223

File size:
13.2 MB (13,837,088 bytes)

Product version:
2.7.778

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\_mtb357479282353432732012.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/8/2011 1:00:00 AM

Valid to:
3/8/2014 12:59:59 AM

Subject:
CN=DsNET Corp., O=DsNET Corp., STREET=Plan de Ayala M3 L30, STREET=Mexico Revolucionario, L=Ecatepec, S=Mexico, PostalCode=55266, C=MX

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009934C0F374A7790598E44428C2B46363

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:mJdfdmBznocN5srI0e+tMiK3WKJTeRQFi1b5kH:efdmBzocHp+tRjKV460OH

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Code size:
23 KB (23,552 bytes)

The file _mtb357479282353432732012.exe has been seen being distributed by the following 4 URLs.

http://download1724.mediafire.com/3pkppkp77cgg/.../aTube_Catcher_Setup.exe
