nfsdepth.exe

Depth New Free Screensaver

Gekkon Ltd

The application nfsdepth.exe, “Depth New Free Screensaver Setup ” by Gekkon has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from download.newfreescreensavers.com.
Publisher:
Gekkon Ltd  (signed and verified)

Product:
Depth New Free Screensaver

Description:
Depth New Free Screensaver Setup

MD5:
7cfeb15bb69cced3215b0f73777d6d70

SHA-1:
b560272d9f3e5ea619c4cc8d5b69f7b107a1744f

SHA-256:
048ee82b773f887a3b3e1d1cbd81bab5383efc941cf85ed2e6df0fcf40734fec

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/23/2024 10:05:20 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Tool.CookieView.2
9.0.1.0320

ESET NOD32
9.7348

Kaspersky
not-a-virus:PSWTool.Win32.NetPass
14.0.0.1111

Reason Heuristics
PUP.Gekkon.Installer (M)
15.11.16.18

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.18.2

File size:
4.1 MB (4,323,488 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\nfsdepth.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/9/2010 6:35:50 AM

Valid to:
8/9/2013 6:35:46 AM

Subject:
E=is@newfreescreensavers.com, CN=Gekkon Ltd, O=Gekkon Ltd, L=Mahe, S=Seychelles, C=SC

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012A56A1781E

File PE Metadata
Compilation timestamp:
2/9/2011 7:43:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:N3iBaC0W+chUtc113iIQnaAB5ebYj8qumq4grmPISApFsSc:X9d81wIQnpne0hqxrmPUI

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Entropy:
7.9906

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file nfsdepth.exe has been seen being distributed by the following URL.

Remove nfsdepth.exe - Powered by Reason Core Security