next-car-game-programas-gratis-net.exe

Installer Internet Web

AgileMax (New Media Holdings Ltd.)

The application next-car-game-programas-gratis-net.exe, “Installer Internet Web Setup ” by AgileMax (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.besttoursvaults.com and multiple other hosts.
Publisher:
Software   (signed by AgileMax (New Media Holdings Ltd.))

Product:
Installer Internet Web

Description:
Installer Internet Web Setup

Version:
3.4.4.8

MD5:
3287cf3d9af2cbadf9fb36d901cccac6

SHA-1:
34cf3d3dd226657ff6cea63395ec7d803aec4a0a

SHA-256:
774f44e16852647b741907f2164617a07325018fb029b70355b030c80009158c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 2:37:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.Installer.Installer (M)
16.1.6.22

File size:
958.3 KB (981,304 bytes)

Product version:
3.1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\next-car-game-programas-gratis-net.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 9:04:31 AM

Valid to:
10/30/2016 12:53:45 PM

Subject:
CN=AgileMax (New Media Holdings Ltd.), O=AgileMax (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112186313590F7C0AF7C143BC6BDE6200476

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:cKSxgTgYTb5VISBjR4+UL5WwuLCv9yUQ3YuEjHyq8pU:creTgmVVH/U9WwWCv9yJ3aZI

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file next-car-game-programas-gratis-net.exe has been seen being distributed by the following 43 URLs.

http://www.besttoursvaults.com/c?x=Nz22CLDyNsa2ePUuagPmUZjvQNIbWErHuXXSbWn9Ko4=&c=9htWM4CIWD/fKF5rtIOcykdVK/d7aSPnS5/Bjk8bNNysDBd/EhZ0Tb1Y7DfIB0zpXyILUoaiiTuFam5ezYyjqlD9ZD1FlvZT3yTd3kdPnoeFkyQQM7Anh5vFU1U5pIJjF Unjw02Ew/wDEC6BMI4rw/gf1SF1ZInRI5zU6ekYno=&e=0&downloadAs=next-car-game-programas-gratis-net.exe&fallback_url=http://.../NextCarGameDemo.exe

http://www.bundlecentralbulk.com/c?x=4GiX6c/sU9Lo574xaKrOsli jsSJe/pMScdOw53UxAI=&c=6kHmvxeQGtTFBwZYYs0lnXtJ8x/7VBqhxWdtCdpy4FI ZgSCIM4bAlk3JQbHWX3gYs cQhw187WD akMaa8SlLQ4TOen8E1aWzxSLcB70o/PJCqN32aSxys3ko2IaIJAKUpcgGzpIPH64W Ez985b WAFECnhn6r6W5IXhJWKR8=&e=0&downloadAs=next-car-game-programas-gratis-net.exe&fallback_url=http://.../NextCarGameDemo.exe

http://www.farmflashtour.com/c?x=5AGxO5fbJDj8qO7SvTF4IGiWSVbpuo5kssogKdVedMc=&c=TJiy TbZu5CnjMaatopfBZNIYuu5b Qt7 MbeGKtT0SjQzAPkmPSxEUMeJ3 41BZlwv2YvH6MUtZRoPlbHpR61ebxlojob53hO6 ttGsGB UyOYP2qW t7In80QIs8mv5oSOStU1b2Ahdku8ib3/0KAXey249rBYyrxPbLTrX20Ntw mHoyLvjt/yT1HZAR6&e=0&downloadAs=next-car-game-programas-gratis-net.exe&fallback_url=http://.../NextCarGameDemo.exe

http://www.sendtowersnew.com/c?x=U2CZsg1jcbIpVoRSqFcfKfUHUBg9G5r NB5iT3BhxYY=&c=rZ5l2a0sA2YAIBw8ID0Hdj3utVUIzRpXVJ5uNg6XAhyEGEwmfTPlAjlkPmnCbUg3VwlCEM cBVe2RrQ5U rcJ3fmkCR5lyCI4mUUYfEE8IdzVvkv7lYHHdV9tHzO758i8Lgp7zWmwDsL7U7rygTY290UelLa0xoPYvgTumm5PXs=&e=0&downloadAs=next-car-game-programas-gratis-net.exe&fallback_url=http://.../NextCarGameDemo.exe

http://www.bundlecentralbulk.com/c?x=GHtiMLVJBw2qb/gGZ/cQCY2Iy/c1zvTx9CAbAVW82I8=&c=wGJvID fwKLTTkdiPJIVMXoQ6MJXxf5iINHV9oPFFe5xd5hBc9JHX2ZG0CgXd0Ypyh8kHWMwpEcQUwz7NTyuYIDwMIgqtaWt 8zw7dXwqdc59FxiIiaJ3ZHvKiKqq73YyDYZnF1wdMNi67oScrl62k46yxujECPrhmh3SteUZTw=&e=0&downloadAs=next-car-game-programas-gratis-net.exe&fallback_url=http://.../NextCarGameDemo.exe

http://www.bundlecentralbulk.com/c?x=DXuaOU8qXvS5kwmqfUoJ/qdt 8KUg8 xMyMMV4aYIcU=&c=ee1pdeEfl/6V9 NUwGdhpMaLtqH8HnMpOpscb7Va5IE8zfkvC2O5OV0q2hsRqblhQiRrBp0c7r2Bss40Kx1xulcB4RKTGy2CXKw5Qjzp0VuMWbGoFmmKjKyMdK/3m /yfb4ue6C4WSg30fpWixagDyueKPKAslzJ0y8fFM/0kus=&e=0&downloadAs=next-car-game-programas-gratis-net.exe&fallback_url=http://.../NextCarGameDemo.exe

Latest 30 of 43 download URLs

Remove next-car-game-programas-gratis-net.exe - Powered by Reason Core Security