» não confirmado 9165.crdownload
Overview
Analysis
File Details

não confirmado 9165.crdownload

Setup

Start Playing (Start Playing (KnockApps Limited))

The file não confirmado 9165.crdownload by Start Playing (Start Playing (KnockApps Limited)) has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.

File name:

Publisher:

Start Playing (Start Playing (KnockApps Limited)) (signed and verified)

Product:

Setup

Version:

1.9.3.0

MD5:

646e71749e95533b2d5d8688a45bec25

SHA-1:

80a529c1de2da7ab75a9789b2539ad7e724bcd51

SHA-256:

dca00064e0d37508dc7909590028f9c9189930d6f6611742fa9f510cbf28b0cb

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

11/6/2024 2:07:30 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.OutBrowse (M)

17.3.6.8

File size:

1.1 MB (1,149,848 bytes)

Product version:

1.9.3.0

Setup

Original file name:

Ionic.Zip-2015Mar01-121204-b70c794a-2159-4379-b139-074a458545fa.exe

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\não confirmado 9165.crdownload

Digital Signature

Signed by:

Start Playing (Start Playing (KnockApps Limited))

Authority:

COMODO CA Limited

Valid from:

10/26/2014 10:00:00 PM

Valid to:

10/27/2015 9:59:59 PM

Subject:

CN=Start Playing (Start Playing (KnockApps Limited)), O=Start Playing (Start Playing (KnockApps Limited)), STREET=3rd Floor Ulysses House, STREET=Foley Street, L=Dublin, S=Ireland, PostalCode=1, C=IE

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D34BF2756FD3AD9451D9D46AD6D3194A

File PE Metadata

Compilation timestamp:

3/1/2015 9:12:04 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x75F3E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

464 KB (475,136 bytes)

Remove não confirmado 9165.crdownload - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.