mymusictubesetup_ff.exe

NCIS Technologies Ltd.

The application mymusictubesetup_ff.exe by NCIS Technologies has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile. The file has been seen being downloaded from thewrapapp.com.
Publisher:
NCIS Technologies Ltd.  (signed and verified)

MD5:
4eae9cc3271fdd8cae22796639234c56

SHA-1:
941c549ed2c7ceffec69e49e887e2df3bd097142

SHA-256:
c91a34cf975fb12685c063bd4b70de1083bdd408912bcc0963d5a8aab2cd8fdf

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:00:52 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.91.114 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140828 |
| AVG | RelevantKnowledge | 2015.0.3368 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.1200 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 16626 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.0240 |
| Emsisoft Anti-Malware | Adware.Relevant.BH | 8.14.08.28.08 |
| ESET NOD32 | Win32/Adware.RK.AQ | 8.8592 |
| Fortinet FortiGate | Riskware/RK | 8/28/2014 |
| G Data | Adware.Relevant.BH | 14.8.22 |
| Malwarebytes | PUP.Adware.RelevantKnowledge | v2014.08.28.08 |
| Trend Micro House Call | TROJ_GEN.F47V0715 | 7.2.240 |
| VIPRE Antivirus | Wajam | 19746 |

File size:
824 KB (843,776 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mymusictubesetup_ff.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/17/2012 7:00:00 PM

Valid to:
12/18/2013 6:59:59 PM

Subject:
CN=NCIS Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCIS Technologies Ltd., L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
585C0AB9FDA6AAF250B85A01CC89A67D

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1F/5O33T5dayO0E6F9MCl+SvKmFwS4hn/043Of0eFrggMlwcdr0zA3yKRdrvaeL:1FROHT5gzgblFfUn/04+NObdz3THrvf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9736

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mymusictubesetup_ff.exe has been seen being distributed by the following URL.
