mymusictubesetup_ch.exe

NCIS Technologies Limited

The application mymusictubesetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.

Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
0b76196206531239dd0e3afc8cc23d9b

SHA-1:
feac75f65cf663e8177f161e14f09977d296c852

SHA-256:
49d3de834738819afc745a8ba05300b840afffb668395871e7def74941a2cd71

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:11:00 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Relevant.BH | 353 |
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 8.3.2.4 |
| Arcabit | Adware.Relevant.BH | 1.0.0.629 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-160217 |
| AVG | Skodna.Generic_c | 2017.0.2831 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.240 |
| Clam AntiVirus | W32S.Adware.RelevantKnowledge-2 | 0.98/21511 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 23796 |
| Dr.Web | Adware.Relevant.119 | 9.0.1.048 |
| Emsisoft Anti-Malware | Adware.Relevant.BH | 8.16.02.17.08 |
| ESET NOD32 | Win32/Adware.MarketScore | 10.12751 |
| F-Secure | Adware.Relevant.BH | 11.2016-17-02_4 |
| G Data | Adware.Relevant.BH | 16.2.25 |
| Malwarebytes | PUP.Optional.RKN | v2016.02.17.08 |
| MicroWorld eScan | Adware.Relevant.BH | 17.0.0.144 |
| NANO AntiVirus | Trojan.Win32.Relevant.crgfum | 1.0.10.5081 |
| nProtect | Adware.Relevant.BH | 15.12.18.01 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16215 |
| Sophos | RelevantKnowledge (PUA) | 4.98 |
| Trend Micro House Call | HV_RELEVANT_CB2435B1.TOMC | 7.2.48 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Marketscore.RelevantKnowledge | 45948 |

File size:
547.7 KB (560,800 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mymusictubesetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/15/2011 1:00:00 AM

Valid to:
12/15/2012 12:59:59 AM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:IZ2Yw9jq/5iUkvlrj0eFrggMlwcdr0zAuw3:IZ2YwA5PQNxNObdzuw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mymusictubesetup_ch.exe has been seen distributed from the following 2 URLs.

http://thewrapapp.com/www/delivery/ck.php?oaparams=2__bannerid=63__zoneid=2__OXLCA=1__cb=ffcda21991__oadest=http://www.wrapapp.net/apps/mymusictube/downloads/int/.../mymusictubesetup_CH.exe
