nox-app-player.exe

Becoconaba

Beta Funnel (Alpha Criteria Ltd.)

The application nox-app-player.exe, “Becoconaba Setup” by Beta Funnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.tourcleartown.com.

Publisher:
Beta Funnel (Alpha Criteria Ltd.)  (signed and verified)

Product:
Becoconaba

Description:
Becoconaba Setup

Version:
2.0.4.2

MD5:
8d876e1a7e92fcaf799bf8e2d167d190

SHA-1:
365bc2bf594a984160dc66b0b2c761eeedf877e4

SHA-256:
5cc72e7dcab8cc24cd29a487d43035b1a3cf4bbb4c5710a2a92441b24fddb554

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/14/2024 2:30:12 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
17.3.12.3

File size:
934.1 KB (956,480 bytes)

Product version:
2.1

Copyright:
Wizard Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\nox-app-player.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:03:24 AM

Valid to:
7/27/2016 10:58:04 AM

Subject:
CN=Beta Funnel (Alpha Criteria Ltd.), O=Beta Funnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112104AF724D79B056B33C31EEC784761027

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file nox-app-player.exe has been seen being distributed by the following URL.

http://www.tourcleartown.com/TyYplAPDWX_Mj8zNBgyiU4wF HS0h0dVGF1FjaRyWZXlwlORSvif3fV4BmW5lBeNdxBeSwG08G atTSEgUZg7asekXQFeUUPugVW08DdDt9ABRCEhDDRrdAhfTh7sAmBfzhHku1hz_ZDQsGjCS7rPmYvUtmSWllW4UHviS6d7R7AyQlXGfVOROPz_OCG6ooWx23ZcsnGquAjaUnxIzueA0kmWr3_Dt1N5SZf8RSBOuV3SZlqJepz_pZKrrzN9TM7R3FIW408xq8NqYteEJw_7zbBiAljPl3mCYD wDJsiA4k1jWPgC8eCeI_dG0sLKwuh9pk_tz0BlHsrlYCg63l6VM5t2NKjC0DFAJhy7xPNtMhI5KP4Jk4N0LoTk0rw0mC 72nd0cvdxp7grjBtzsbrhfFd k4Iw3L5Sr W_NkPNYJmhLZh97qnSlYck Gl7DziyC3rM3QTQ3BvyXLRrETD N7q5ET6EIZUKHYyNm7i 1AwnR9z2aURsm8iLOBEcOZZQCf_WHgbrHbNV8s3Ni2EcYy7iud5_sODySQwBU3GSVtF0nmVXJUzqF2RGmqQBJZ9kuGjqFcNA 7gVMSN4k5aQu364Wd1Eq9hr62Duppdblbhv86Wrg=-G28AAGRwXqoPaTuY7A4BNuDAJR1ksQF4sEEHD1nILwJFM0LquB71iVKg6Ntl_QJli0MXRSFOKgXlwU0jrB7k9RfDhRjUzUxiY_EnrSUYDtRfzW8iOF1YlvVLz_q6t_QhAAMwgKZ2nKqLFg==
