niet bevestigd 850864.crdownload

Zoobam

This file is a Tightrope WebInstall setup application, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file niet bevestigd 850864.crdownload by Zoobam has been detected as adware by 27 anti-malware scanners. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from clk1005.com.
Publisher:
Zoobam  (signed and verified)

MD5:
f7a491205d2084e31a4e1b820625a7b9

SHA-1:
0caa29175f4cddb0dc44b26972e6a88bf8aff68c

SHA-256:
3f5dc5059529ae4d27fa771955a5b4d59cdcd54d093e3498970662748d819aef

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:04:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.KJ | 623 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downware | 2015.02.26 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.212.142 |
| avast! | Win32:Adware-CIX [PUP] | 2014.9-150523 |
| AVG | Generic | 2016.0.3101 |
| Bitdefender | Application.Bundler.KJ | 1.0.20.715 |
| Clam AntiVirus | Win.Adware.Downloadadmin | 0.98/21511 |
| Comodo Security | Application.Win32.DownloadAdmin.ANGL | 21216 |
| Dr.Web | Trojan.Vittalia.14 | 9.0.1.0143 |
| ESET NOD32 | Win32/DownloadAdmin.H potentially unwanted (variant) | 9.11235 |
| F-Prot | W32/S-92ce39bf | v6.4.7.1.166 |
| F-Secure | Application.Bundler.KJ | 11.2015-23-05_7 |
| G Data | Application.Bundler.KJ | 15.5.25 |
| K7 AntiVirus | Unwanted-Program | 13.198.15087 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1998 |
| Malwarebytes | PUP.Optional.DownloadAdmin | v2015.05.23.11 |
| McAfee | Artemis!F7A491205D20 | 5600.6757 |
| MicroWorld eScan | Application.Bundler.KJ | 16.0.0.429 |
| NANO AntiVirus | Riskware.Win32.Downware.djahkt | 0.30.0.296 |
| Panda Antivirus | Trj/CI.A | 15.05.23.11 |
| Qihoo 360 Security | Win32/Virus.Downloader.d33 | 1.0.0.1015 |
| Reason Heuristics | PUP.Tightrope.Bundler | 15.5.23.7 |
| Sophos | DownloadAdmin | 4.98 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37916 |
| Zillya! Antivirus | Downloader.Agent.Win32.235073 | 2.0.0.2081 |

File size:
823.5 KB (843,288 bytes)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\niet bevestigd 850864.crdownload

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/16/2014 4:27:59 AM

Valid to:
10/16/2017 4:27:59 AM

Subject:
CN=Zoobam, O=Zoobam, L=Kirkland, S=Washington, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EA9D31E75E043

File PE Metadata
Compilation timestamp:
7/15/2014 6:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:8xpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8S:wp9sVuaVdvgVbmgGDijyikg5

Entry address:
0x3345

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file niet bevestigd 850864.crdownload has been seen being distributed by the following URL.
