não confirmado 143152.crdownload

Grupo 8 Ideias

The file não confirmado 143152.crdownload by Grupo 8 Ideias has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software, and these may be installed without adequate user consent. The file has been seen being downloaded from baixarquivo.com and multiple other hosts.
Publisher:
Grupo 8 Ideias  (signed and verified)

Version:
1.0.0.1

MD5:
c826c234a662ae6d0a0423144f60f478

SHA-1:
c326e8915e2a9d7d996b2103c2ce31492c1c2a82

SHA-256:
3ee9aae70b3157aae4932314764413d4d084e76b085028b2aa2734a5fa2fb9fa

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
11/5/2024 10:17:34 PM UTC  (today)

Scan engine | Detection | Engine version
AVG | AdLoad.R | 2016.0.3033
Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.15729
Dr.Web | Adware.Somoto.128 | 9.0.1.0210
ESET NOD32 | Win32/Somoto.G potentially unwanted | 9.11429
K7 AntiVirus | Adware | 13.202.15489
Kaspersky | not-a-virus:Downloader.NSIS.AdLoad | 14.0.0.1661
NANO AntiVirus | Riskware.Nsis.Adware.dpwuzb | 0.30.8.659
Panda Antivirus | Generic Suspicious | 15.07.29.07
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Quick Heal | Adware.NSIS.BetterInstaller.A | 7.15.14.00
Reason Heuristics | PUP.Grupo8Ideias.Installer (M) | 15.7.29.19
Trend Micro House Call | TROJ_GEN.R0C1H07BR15 | 7.2.210
VIPRE Antivirus | Trojan.Win32.Generic | 39086

File size:
421.2 KB (431,304 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\não confirmado 143152.crdownload

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/25/2014 9:00:00 PM

Valid to:
2/26/2015 8:59:59 PM

Subject:
CN=Grupo 8 Ideias, O=Grupo 8 Ideias, STREET=Rua Sabino dos Santos Nunes. 85, L=Cândido Mota, S=São Paulo, PostalCode=19880-000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0080A4BC137A4C6273EF58CE0FC39ACAFA

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:NF3JmG/qLDdwtbTwMOVAPVCRETkgoLOwy:NF39EG50MERMOy

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file não confirmado 143152.crdownload has been seen being distributed by the following 2 URLs.

Remove não confirmado 143152.crdownload - Powered by Reason Core Security