picasa_4_1_3_exe.exe

Kantida Chanudrum

The application picasa_4_1_3_exe.exe by Kantida Chanudrum has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.torntv-dl.com.
Publisher:
Kantida Chanudrum  (signed and verified)

MD5:
535746d743af803178bb9c505283b303

SHA-1:
93f8c2dd4285ad0fcb28634a4583a240e90dfcb9

SHA-256:
6fb3092531bce0977077b88ec2f971c8afbe11dd0ea1cde1bdf34a71e5eed43a

Scanner detections:
7 / 68

Status:
Adware

Explanation:
The installer bundles additional adware-type offers (ad-supported) that are displayed to the user during setup and typically installed by default. These include web browser ad-injectors.

Analysis date:
12/4/2024 6:46:14 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Oneclick-I [PUP]
160414-2

Dr.Web
Detection.Undefined
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.OneClickDownloader
16.06.23

ESET NOD32
Win32/Adware.1ClickDownload.AX application
7.0.302.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Yotoon
15.0.0.562

Norman
Application.Bundler.OneClickDownloader.B
19.05.2016 05:17:13

Reason Heuristics
PUP.OneClickDownloader.KantidaC.Installer (M)
16.6.23.14

File size:
391.2 KB (400,600 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\picasa_4_1_3_exe.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/15/2014 12:00:00 AM

Valid to:
4/15/2015 11:59:59 PM

Subject:
CN=Kantida Chanudrum, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
12C00C2179570252969AF80D723272A8

File PE Metadata
Compilation timestamp:
12/5/2009 7:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wlmbTQ3wiuozAggQGYWJbfKQ7WS0CviKcr8n93:0mbYrjgQGR1fnWSArO3

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file picasa_4_1_3_exe.exe has been seen being distributed by the following URL.

Remove picasa_4_1_3_exe.exe - Powered by Reason Core Security