nox-app-player.exe

Becoconaba

Beta Funnel (Alpha Criteria Ltd.)

The application nox-app-player.exe, “Becoconaba Setup” by Beta Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.tourcleartown.com.
Publisher:
Beta Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Becoconaba

Description:
Becoconaba Setup

Version:
2.0.4.2

MD5:
ea55260231a01d795ad2f01a76eb301a

SHA-1:
2b0071e5a815d39f3230e3bfbdf7a740bcc87dab

SHA-256:
4c46be22dba7dac12352f944c36e381d4772161d0eda1a40177c29e6f7e4f8f3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/14/2024 2:39:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
17.3.12.19

File size:
934.1 KB (956,480 bytes)

Product version:
2.1

Copyright:
Wizard Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\nox-app-player.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:03:24 PM

Valid to:
7/27/2016 9:58:04 PM

Subject:
CN=Beta Funnel (Alpha Criteria Ltd.), O=Beta Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112104AF724D79B056B33C31EEC784761027

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9366

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file nox-app-player.exe has been seen being distributed by the following URL.

http://www.tourcleartown.com/VkO4lqobD2Vl_2Og1vh7XQIy xLfjheUIDJo5Smel_8m9k4CrEiqITyKrrZEv1TBUf0v3niY6YXoLSvYGIVLIzIo8_jy2b_pPkQVpVGZzI6igQ2z_jlmuKVApiW1r8fNS6P 1jCZjfSLQI7XsUYcZhAn0259WeMWw6TETGd4qukHkpPot NNyRDn6u47tzNZTZp9Qh1fNMoS3NyDNtvCbGiRd7TYdFWuF_zKMRcQHDicP YlD4KykOKAeYuZHqg53xou7kwIzoCDBbFhDD6IfsokrIp cMwiW6zYE2e8zurpFUmRm3alxgYpsDnVBDpibkVeVj2K48MyFwIYSDHLU0blleOemlTjjnh4ppB9Z3HnpQmhu9xe0WfZ8qvtKv UFIvW6UuA_e_kOlZO3MEiuy3fUmoUEIKUj3mcuBv9QO_DeHup2k0yPmhRn0Fz4UD4HT62GGtyGEatU_M3E142bJfpNpF_q6GevHZqtIRheQkCLRbA_LjtNj00qqqy2teTm0t8FsvAq_u351BkBmuDX6t1hosdekswS1zsyc0k3QefrQBZAKoRS1LDbG1obMkqkxgmPRvJxfQB1ep0UgIBZPWC8FyfC4dd4GQU5O2VBuf5R_mUa8Y=-G28AAGRwXqoPaTuY7A4BNuDAJR1ksQF4sEEHD1nILwJFM0LquB71iVKg6Ntl_QJli0MXRSFOKgXlwU0jrB7k9RfDhRjUzUxiY_EnrSUYDtRfzW8iOF1YlvVLz_q6t_QhAAMwgKZ2nKqLFg==
