photomerge-4.2.2.exe

Mala

Bibado Investments S.L.

The application photomerge-4.2.2.exe, “Mala Setup” by Bibado Investments S.L., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultsfarmhosting.com.
Publisher:
Bibado Investments S.L. (signed and verified)

Product:
Mala

Description:
Mala Setup

Version:
1.6.2.4

MD5:
150e7e1706ab57995d2140619108e20f

SHA-1:
cd89dba5ab1c2b58bf32c298a7990bc2d17061af

SHA-256:
51120192760c94de6a152c39062cf2aa28b8ecdfa3dd297689cdaa1043f3785c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 3:07:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.2.3.3

File size:
1.2 MB (1,253,064 bytes)

Product version:
4.6

Copyright:
Stub fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\photomerge-4.2.2.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 6:15:47 PM

Valid to:
10/10/2016 6:29:18 PM

Subject:
CN=Bibado Investments S.L., O=Bibado Investments S.L., L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C7CDCA8256DFB1BF27E11C9CC97F08E3

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.8922

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file photomerge-4.2.2.exe has been seen being distributed by the following URL.

http://www.vaultsfarmhosting.com/InRV1fHhvhalTtpErHEnTU2GiPNcJ4PrtkA5VKVJNvqR iaEDek3E1EAAjDaEFecfXxKnm8JQ7lwBNCXmHTBbRv3n_434qIuykwtwJvUBmziY1LrIa_VGX9mls85OD24wMWsquqESpQinYHNqu42_vhb1PZdwAA16PLgWvkS8Dgv6QO8rGuGhwiMEF0UT_Y3GwzhmSY7-GwEDAGTITWwcqCDaV1wOW4jglsBEDtjbYoj5JPbeOPBkjZGfRWBur2PM J8Hv2O90yYMV_s5V9Q8hIO8d1FhIF JM87FA_T3wOluBPkkgpJmoaULW_4MCCQcyf2zRRgtfrbOVDlCQe3cz85SVQSLaX0IG7Gyf7EJ1I4 kwQRDYMW16XQhNFsplThaqrQNYo gXgvh 59oCpu140e_WpVgPZYuA6JI7jBfmzZth7J4DYCl1FS6fpmptyUuKvCdILu9WeqMCqvRsONr9tzkYH W_XDaSDn6vE7PlOfiAp6XkdVEE3hse2Hu3oYuzyhcZpVS K8sh7t3u3uZXhJ_hfTsRTZQgSdIiDgRB9GXZnzmxyP3xYLoQpgZ7RUoMvov4aY ZUbEg lDX xC2VWFAeCOvMBTblrVsr8vUwueCGmKNSrq5kg8mmkgLLR7RNa8DE3wZE6kTwqbyOPWnSWFCSRQTZimLgo7P5xyXdHE3JT_vIJSuEAdBrDZHhycTiLEV4aSBpaA1lWquK3chowcZ3MzJ3X0J2c29oBDoIw5jTVo2uXwX mlojI6Ak7eZV6enorTiR9mA9lu4SdirLMRnHqa501OcVS9tRpbVZMG2 mKkK9uGN7W4z5Tf2jGwUHlmJUKhZ9IM3JXljjwQSSiCWv4NMbLOejKKiRdDs1zSaZ1e495mx9KH0EoK_uenDF8sa3t70RP9EoVMiishtz0TXGOF Tpyw3jSRcB7_vfWTsRpmQXGmRclvCqAt93GCP

Remove photomerge-4.2.2.exe - Powered by Reason Core Security