offerblvd.exe

MY POP SHOP LTD

The application offerblvd.exe by MY POP SHOP has been detected as adware by 20 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.airdlr1.com and multiple other hosts.
Publisher:
MY POP SHOP LTD  (signed and verified)

MD5:
2bc682ed23db4001e524d97c87b3cad7

SHA-1:
1df6f5003a26a5bf59c917e796905ab63731e3f0

SHA-256:
2df300845060aa70839b95b21e0746ec17bc80d0f18c10e47042691f29a54e73

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/25/2024 1:09:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1868287
824

AegisLab AV Signature
Troj.W32.Inject
2.1.4+

Agnitum Outpost
Trojan.Graftor
7.1.1

Avira AntiVirus
TR/Rogue.1221632.1
7.11.179.140

avast!
Win32:Dropper-gen [Drp]
2014.9-141102

AVG
Dropper.Generic9
2015.0.3302

Baidu Antivirus
Trojan.Win32.MsiDrop
4.0.3.14112

Bitdefender
Trojan.GenericKD.1868287
1.0.20.1530

Emsisoft Anti-Malware
Trojan.GenericKD.1868287
8.14.11.02.08

ESET NOD32
Win32/TrojanDropper.MsiDrop (variant)
8.10586

F-Secure
Trojan.GenericKD.1868287
11.2014-02-11_1

G Data
Trojan.GenericKD.1868287
14.11.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.7.8.0

Malwarebytes
PUP.Optional.OfferBlvd
v2014.09.12.05

McAfee
Artemis!F51A30D33776
5600.6958

MicroWorld eScan
Trojan.GenericKD.1868287
15.0.0.918

nProtect
Trojan.GenericKD.1868287
14.10.19.01

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.MYPOPSHOP.J
14.9.12.17

Trend Micro House Call
TROJ_GEN.R0C1H09IQ14
7.2.306

File size:
1.2 MB (1,222,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\offerblvd.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/21/2014 5:00:00 PM

Valid to:
7/22/2015 4:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B739C4F756EE55FB750952CE570BE48B

File PE Metadata
Compilation timestamp:
9/8/2014 12:27:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:cVIdXPIm95sNUCJCj/aiKQ+67hC0wD3/BkkUEWojHwz:88PIvjJNij17c0wDZk45Qz

Entry address:
0xB350

Entry point:
E8, F0, 5E, 00, 00, E9, 89, FE, FF, FF, FF, 35, 80, 21, 42, 4F, FF, 15, 8C, 90, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 76, 3E, 00, 00, 6A, 01, 6A, 00, E8, 6C, 2E, 00, 00, 83, C4, 0C, E9, 31, 2E, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1...
 
[+]

Entropy:
7.9472  (probably packed)

Code size:
96 KB (98,304 bytes)

The file offerblvd.exe has been seen being distributed by the following 6 URLs.

http://cdn.airdlr1.com/downloads/offers/.../offerBLVD1.exe

Remove offerblvd.exe - Powered by Reason Core Security