net line x65 sd atualizao 16.exe

BRASFIELD LLC

The application net line x65 sd atualizao 16.exe (“Download da Internet”), by BRASFIELD, has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from baixegetit.net.
Publisher:
yTVnQOo5hT6GbOusu  (signed by BRASFIELD LLC)

Description:
Download da Internet

Version:
8.3.4.6

MD5:
6382e4b947793295d01f502569ecbc4b

SHA-1:
827cbc63a20146e2b327b4b981e2cc34117086da

SHA-256:
e8458a2368f0e7cb74522b9975dba4dff3a4050cfe24848a9a318ec2daa50cd5

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:25:35 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Adload.G | 5753514 |
| AhnLab V3 Security | PUP/Win32.Adload | 2015.06.12 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 8.3.1.6 |
| Arcabit | Adware.Adload.G | 1.0.0.425 |
| avast! | Downloader-ACE [PUP] | 150602-1 |
| AVG | Downloader.NSIS | 2015.0.4355 |
| Baidu Antivirus | PUA.Win32.Adload | 4.0.3.15611 |
| Bitdefender | Adware.Adload.G | 1.0.20.810 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Adload.ZQXT | 22418 |
| Emsisoft Anti-Malware | Adware.Adload | 10.0.0.5366 |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AM trojan | 7.0.302.0 |
| Fortinet FortiGate | Adware/AdloadAM | 6/11/2015 |
| F-Secure | Adware.Adload.G | 11.2015-11-06_5 |
| G Data | Adware.Adload | 15.6.25 |
| K7 AntiVirus | Unwanted-Program | 13.205.16218 |
| McAfee | Trojan.Artemis!6382E4B94779 | 17.6.569.0 |
| MicroWorld eScan | Adware.Adload.G | 16.0.0.486 |
| NANO AntiVirus | Trojan.Nsis.Genome.drxdjx | 0.30.24.2086 |
| Norman | Adware.Adload.G | 02.06.2015 14:23:46 |
| nProtect | Adware.Adload.G | 15.06.11.01 |
| Sophos | PUA 'AdLoad' (of type Adware) | 5.15 |
| Trend Micro House Call | TROJ_GEN.R00GB01EA15 | 7.2.162 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Threat.4785227 | 40830 |

File size:
74.4 KB (76,224 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\net line x65 sd atualizao 16.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/5/2015 5:42:38 PM

Valid to:
4/21/2016 3:24:39 PM

Subject:
CN=BRASFIELD LLC, O=BRASFIELD LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00975D4C0519C5095A

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:GoLDYsacy7mHMowHjXJF5BviSlqSyPhPmpJwPKbiGca9:GoPyys5jXJF5BaJzPqeyW+

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file net line x65 sd atualizao 16.exe has been seen being distributed by the following URL.
