nvffzbxu.exe
Rabeken
Gede
The file nvffzbxu.exe, “Rabeken Setup ” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.toursgrabstock.com and multiple other hosts.
Description:
Rabeken Setup
MD5:
d28ba652a1f32132231866c81e049ac5
SHA-1:
ebc9de938048c9d113ade41ca4bb3a6a261de4a9
Scanner detections:
1 / 68
Status:
Potentially unwanted
Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.
Analysis date:
11/6/2024 6:26:24 AM UTC (today)
Scan engine
Detection
Engine version
Reason Heuristics
PUP.InstallCore.Gede.Installer.Meta (M)
16.4.23.9
File size:
965.9 KB (989,118 bytes)
Language:
Language Neutral
Common path:
C:\users\{user}\appdata\local\temp\nvffzbxu.exe.part
The file nvffzbxu.exe has been seen being distributed by the following 4 URLs.