panda-anti-rootkit-windows-downloader_it.exe

Ontecnia Media Networks, S.L.

The application panda-anti-rootkit-windows-downloader_it.exe by Ontecnia Media Networks, S.L has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from mvsoftsecure.org and multiple other hosts.
Publisher:
Ontecnia Media Networks, S.L.  (signed and verified)

MD5:
1f35e8b2e34f81437c7c171564ca49d6

SHA-1:
be513f65456507341f97b7135f4df67189d682ae

SHA-256:
025e410ced29604e951f10eb8fb3ed1d739849ee29d67544b7c94e014a8869ff

Scanner detections:
10 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
12/27/2024 1:52:22 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Ontecnia
2015.0.3386

Baidu Antivirus
PUA.Win32.Malavida
4.0.3.14811

ESET NOD32
Win32/Malavida
8.10186

K7 AntiVirus
Trojan
13.182.12911

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.08.11.06

McAfee
Artemis!1F35E8B2E34F
5600.7042

Reason Heuristics
PUP.OntecniaMediaNetworksSL.i
14.8.11.6

Trend Micro House Call
Suspicious_GEN.F47V0729
7.2.223

VIPRE Antivirus
Malavida
31802

File size:
349.4 KB (357,832 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\panda-anti-rootkit-windows-downloader_it.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/24/2014 1:00:00 AM

Valid to:
2/25/2015 12:59:59 AM

Subject:
CN="Ontecnia Media Networks, S.L.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Ontecnia Media Networks, S.L.", L=Valencia, S=Valencia, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13BBD08E760487FF928FBC6CD276E85E

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:vQqZ/KajtmMzv4WpNqAXJ2Wpueqk9va8ZspnEckaYn9HYZowAIds:P/FpnzlN9XbaAi0WYIds

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file panda-anti-rootkit-windows-downloader_it.exe has been seen being distributed by the following 3 URLs.

Remove panda-anti-rootkit-windows-downloader_it.exe - Powered by Reason Core Security