odin.exe

App secure LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application odin.exe by App secure has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from ttb.dlwfinalsoft.com.
Publisher:
App secure LLC  (signed and verified)

MD5:
9b4b65592bce2e0f34a857fe4e28a134

SHA-1:
ee4cda6d948242ae149cb388a7e255753f0ad2ff

SHA-256:
a3e96dd7a1d1d9708b43a9deb2ffef4add739974483ebce19eb74682102c072b

Scanner detections:
13 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 7:46:15 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2015.03.09

Avira AntiVirus
PUA/Softpulse.rtfa
7.11.213.24

AVG
Generic
2016.0.3183

Dr.Web
Trojan.Domaiq.146
9.0.1.068

ESET NOD32
Win32/SoftPulse.X potentially unwanted (variant)
9.11253

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.200.15196

Kaspersky
not-a-virus:Downloader.Win32.DriverUpd
15.0.0.543

NANO AntiVirus
Trojan.Win32.DriverUpd.dormbx
0.30.0.296

Panda Antivirus
Trj/Genetic.gen
15.03.02.03

Reason Heuristics
PUP.Softpulse
15.3.2.3

VIPRE Antivirus
Threat.4150696
37788

File size:
485.7 KB (497,376 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\odin.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/16/2014 4:00:00 PM

Valid to:
12/17/2015 3:59:59 PM

Subject:
CN=App secure LLC, O=App secure LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D0A1845D85007CD040B350F48C5F721

File PE Metadata
Compilation timestamp:
3/1/2015 1:34:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ktDyfK49N2repycGHbt/mB4b1pHLT9gjY3RNuF5:Xi4bc7ZmB4J9LpIYbW

Entry address:
0x1000

Entry point:
B8, B0, DC, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 5D, A6, CB, FE, E1, 56, 16, CD, 5D, 72, C0, 17, CF, 7D, EE, 01, 07, 95, 8A, 01, 86, CF, 52, 4F, D9, A7, 64, 8D, B7, 4C, E0, 12, B4, DF, 60, 56, E2, 04, 0D, FC, 26, AF, 52, 74, 4A, AA, 7A, 4E, FD, 26, 75, 3F, 75, A6, 35, E3, DC, 39, E8, C5, C5, 40, A6, AD, 79, 18, 3D, 77, D1, F3, 70, 9C, 1B, 29, D4, BB, C5, 4B, F2, 47, 67, D3, DD, CD, 2C, 2D, D8, C8, EA, 45, 02, 45, 38...
 
[+]

Entropy:
7.9407

Packer / compiler:
PECompact v2

Code size:
965.5 KB (988,672 bytes)

The file odin.exe has been seen being distributed by the following URL.

Remove odin.exe - Powered by Reason Core Security