picasa.exe

Deso

C.M.A.A.G Proactive And Investments Ltd

The application picasa.exe, "Deso Setup" by C.M.A.A.G Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.contentappsclean.com.
Publisher:

Product:
Deso

Description:
Deso Setup

MD5:
2fbbe619c229d539bac6940542a887a8

SHA-1:
111f5eab71098eec99df2ecdf6d1f6a1d8837972

SHA-256:
8bc3d7f2719cfd399c22e1327e058a8e07bb76dbb6b172a9e7ae20d5a0c5308e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 4:15:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.12.5

File size:
986.3 KB (1,009,968 bytes)

Product version:
4.3

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\picasa.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/10/2015 9:00:00 PM

Valid to:
11/10/2016 8:59:59 PM

Subject:
CN=C.M.A.A.G Proactive And Investments Ltd, O=C.M.A.A.G Proactive And Investments Ltd, STREET=3 Mikonis Shmuel, L=TEL AVIV-JAFFA, S=Israel, PostalCode=6777212, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
42BF94673750AF4A912BA52F4F25C320

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8897

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file picasa.exe has been seen being distributed by the following URL.

http://www.contentappsclean.com/fQqbmu14eiPija1cBXL6p7dsDTjZXy FJya8ZC0UGNBMnM03aqD6ei_m8Uw1bMxSlGunCHx3J_aklq8H1eog5rZafpjyHFFf0KdhWsaZmdezXYTELaWxBOBPBWS5oQLcl2zt2K8LVEn0xu VSD 8t41dLKB daDiuYpeb3n9UqrRf7NcEoVJOQw8yXmwieh vzxKxPVm7DoverGAwvGjEVwLc2SuFfY17y4Lo3Zv0btychAVo1lb2d_m7lhgp2_rDKsF8QK_j 9zOCDyr6mKoRJwY1yiFv91KYZQA_L8zzQVrYqKeGRlUe8Ux349r7W9bOwzLpxL eMJhhKTXGsVwBV0pO0n5HYDh18u9BOqX6LzhHnnXCsPO1kw_oPrisfABaYAL4p52ad7ooozIEVU6nBF77Wg1c9gA jtaIYGsO1KGEpd0DeHM6o2VvAY_Vsb0OZzJRqVEG5dGscJtCz_UlqEmf6smN7TEnRhlv7Ls3MAE0t55p8=-G2gAAES3 X2ddlzSdYpFxA5LLCGnHDi0opJrfuED8N3GwPEFRbBeI27jcczokj SPO_jI9q3K75GbflM7skYkxFagDOCprFVpJ_FXrxMzPo=
