mymusictubesetup_ff.exe

NCIS Technologies Limited

The application mymusictubesetup_ff.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
4db068cbe5e470daad22fb351aa33bf5

SHA-1:
ba606d5051566b5f51a5498a49c5d31def9af59c

SHA-256:
977dfbe169d825eb252c60906e6800fb748aaf2cb4e201d06466d2aded03a69b

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:15:01 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Adware.Relevant.CA | 272 |
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.212.68 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-160507 |
| AVG | Skodna.Generic_c | 2017.0.2750 |
| Bitdefender | Dropped:Adware.Relevant.CA | 1.0.20.640 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 21188 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.0128 |
| Emsisoft Anti-Malware | Dropped:Adware.Relevant.CA | 8.16.05.07.03 |
| ESET NOD32 | Win32/Adware.MarketScore | 10.11223 |
| F-Secure | Dropped:Adware.Relevant.CA | 11.2016-07-05_7 |
| G Data | Dropped:Adware.Relevant.CA | 16.5.25 |
| Malwarebytes | Adware.RKN | v2016.05.07.03 |
| MicroWorld eScan | Dropped:Adware.Relevant.CA | 17.0.0.384 |
| NANO AntiVirus | Trojan.Win32.Relevant.crgfum | 0.30.0.296 |
| Norman | RelevantKnowledge.A | 11.20160507 |
| nProtect | Dropped:Adware.Relevant.CA | 15.02.23.01 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12DAF3FC!316339196 | 23.00.65.16505 |
| Sophos | RelevantKnowledge | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Adware.Win32.RelevantKnowledge.a | 37842 |

File size:
487.9 KB (499,560 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mymusictubesetup_ff.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/14/2011 7:00:00 PM

Valid to:
12/14/2012 6:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:NZNYwCpph6UPMblrj0eFrggMlwcdr0zA5Cw:NZNYwch1MbNxNObdz5Cw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9356

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
