mymusictubesetup_ch.exe

NCIS Technologies Limited

The application mymusictubesetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
fc524429148a02014c9aeffb0d0442f0

SHA-1:
df5e8d0f29de7ef3576952dfd0ac36c9758da081

SHA-256:
4fd4d1e038a04a26443ae171a5fb526965ed1c0ba7cd930598196897602ba975

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:47:39 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADSPY/NaviPromo.J
7.11.37.248

avast!
Win32:PUP-gen [PUP]
2014.9-160411

AVG
RelevantKnowledge
2017.0.2777

Bitdefender
Adware.Relevant.BH
1.0.20.510

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~E
13086

Dr.Web
Adware.Relevant.81
9.0.1.0102

ESET NOD32
Win32/Adware.MarketScore
10.7338

Fortinet FortiGate
Adware/Marketscore
4/11/2016

F-Secure
Adware.Relevant.BH
11.2016-11-04_2

G Data
Adware.Relevant.BH
16.4.22

nProtect
Adware.Relevant.BH
12.07.29.01

Sophos
RelevantKnowledge
4.79

Trend Micro House Call
TROJ_GEN.USBG20AHM
7.2.102

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
12416

File size:
490.1 KB (501,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mymusictubesetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/14/2011 4:00:00 PM

Valid to:
12/14/2012 3:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ze343FTsgjwYU9p1drseyoahd7eTRbzKdKPiub4IRwqm7+BdXOlweOM5vbrrozAJ:3FBwNlrj0eFrggMlwcdr0zA+UPMp25w

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9375

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove mymusictubesetup_ch.exe - Powered by Reason Core Security