mymusictubesetup_ch.exe

NCIS Technologies Limited

The application mymusictubesetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
02719b3fb889851372f768443993d95d

SHA-1:
082f84ba69b7fe506c5f535bc31257bc33cd5843

SHA-256:
c8dc3515291a6368979779ddd8260ba066ea903fdd9248f1662bb824fda2c885

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:08:50 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Adware.Relevant.CA | 290 |
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.189.132 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-160419 |
| AVG | RelevantKnowledge | 2017.0.2768 |
| Bitdefender | Dropped:Adware.Relevant.CA | 1.0.20.550 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 20227 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.0110 |
| Emsisoft Anti-Malware | Dropped:Adware.Relevant.CA | 8.16.04.19.08 |
| ESET NOD32 | Win32/WrapApp | 10.10799 |
| F-Secure | Dropped:Adware.Relevant.CA | 11.2016-19-04_3 |
| G Data | Dropped:Adware.Relevant.CA | 16.4.24 |
| Malwarebytes | Adware.RKN | v2016.04.19.08 |
| McAfee | Artemis!02719B3FB889 | 5600.6424 |
| MicroWorld eScan | Dropped:Adware.Relevant.CA | 17.0.0.330 |
| NANO AntiVirus | Trojan.Win32.Relevant.crgfum | 0.28.6.63726 |
| Norman | RelevantKnowledge.A | 11.20160419 |
| Sophos | RelevantKnowledge | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Wajam | 35238 |

File size:
458.8 KB (469,824 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mymusictubesetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/15/2011 1:00:00 AM

Valid to:
12/15/2012 12:59:59 AM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:5FiYwCpKlrj0eFrggMlwcdr0zAZqZGD6hONkw:5FiYwpNxNObdzZqZGOONkw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
