nvffzbxu.exe

Rabeken

Gede

The file nvffzbxu.exe, “Rabeken Setup ” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.toursgrabstock.com and multiple other hosts.
Publisher:
Gede

Product:
Rabeken

Description:
Rabeken Setup

MD5:
d28ba652a1f32132231866c81e049ac5

SHA-1:
ebc9de938048c9d113ade41ca4bb3a6a261de4a9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/27/2024 6:36:56 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.Gede.Installer.Meta (M)
16.4.23.9

File size:
965.9 KB (989,118 bytes)

Product version:
3.2.8

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nvffzbxu.exe.part

The file nvffzbxu.exe has been seen being distributed by the following 4 URLs.

Remove nvffzbxu.exe - Powered by Reason Core Security