home

nvffzbxu.exe

Rabeken

Gede

The file nvffzbxu.exe, “Rabeken Setup ” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.toursgrabstock.com and multiple other hosts.
Publisher:
Gede

Product:
Rabeken

Description:
Rabeken Setup

MD5:
d28ba652a1f32132231866c81e049ac5

SHA-1:
ebc9de938048c9d113ade41ca4bb3a6a261de4a9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/6/2024 6:26:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.Gede.Installer.Meta (M)
16.4.23.9

File size:
965.9 KB (989,118 bytes)

Product version:
3.2.8

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nvffzbxu.exe.part

The file nvffzbxu.exe has been seen being distributed by the following 4 URLs.

http://www.toursgrabstock.com/c?x=VFZKaZVlt/ufXGn t68IWxnQsuEg3 mYnAYZo7KHzmM=&c=oSjPoRsvoEAjLFpsQiAN01N4IwzHIno7mvBA wBefeakbkG7LjB0pl gBSq0FCcB7zr74fSbedkGQ0Z exWTzjsDLBUlw esvquzBsk0R5 CsHQ 57EGa0TOxcJH8FZ3&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

http://secure.11-pn-installer.com/o/.../setup.exe

http://lax1.ib.adnxs.com/click?00qCeCyfyj-Xk_52wqHEPwAAAAAAAPA_l5P-dsKhxD_TSoJ4LJ_KPxpX2fN9kb0PrHQaYcrNfDo6gjVUAAAAAPtCNgByBwAAdgIAAAIAAAB-hyoBEq8HAAAAAQBVU0QAVVNEANgCWgDZDAAAQr4AAgUAAQIAAJYAQibFbAAAAAA./cnd=!QgZLOwjCzJMCEP6OqgkYkt4eIAE./referrer=http://ib.adnxs.com/tt?id=3556091&referrer=${REFERER_URL}&PYfhcyF1=459_18x18_0/clickenc=http://www.mydownloadhome.com/.../201?pub_id=90&sub_id=lax1CKzp6YimubO-OhACGJqu5Z7fr-TeDyIPMTA3LjIxNy4yMjAuMjA0KAEwuoTWoQU.&tag=3556091

http://www.towersdownloadsclear.com/c?x=llLaMnlYKWU4K3SkmQRe9p X8n1KjLUrGFWS Ql F6Y=&c=U17kGvaTPMxCy9f9m002INUzZLCbehlgfwyuDZ4YK/ZFvSmVsjft4LWJ9vdopY4UvunjkgDUdEQ/i WaatLQzGB1H4J0wPWc0bB 0WwHSnn/hWl2SypMZol2H/qxtgGO&downloadAs=setup.exe&fallback_url=http://.../setup1.19.exe

Remove nvffzbxu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.