plugininstall.exe

VisualBee

The application plugininstall.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.visualbe.com and multiple other hosts.
Product:
VisualBee

Version:
V23.4.1

MD5:
2bb6d808c960ab35f39a4ad220fdeafb

SHA-1:
008c886a51c9799b73bed057d1e16d08b0e249af

SHA-256:
55d28caced7e95c45d2f06865d3de43b5230537507ee0508c872d5c90e01331d

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
11/2/2024 5:17:45 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.DownWare
4.0.3.1447

Bkav FE
W32.Clod2fa.Trojan
1.3.0.4924

Dr.Web
Adware.Downware.1326
9.0.1.097

ESET NOD32
Win32/DownWare
8.9453

K7 AntiVirus
Trojan
13.176.11226

Malwarebytes
MSIL.Solimba
v2014.04.07.09

McAfee
Artemis!2BB6D808C960
5600.7167

NANO AntiVirus
Trojan.Win32.Downware.cavpxc
0.28.0.57630

Panda Antivirus
PUP/Conduit.A
14.04.07.09

Trend Micro House Call
ADW_VIBEESOFT
7.2.97

Trend Micro
ADW_VIBEESOFT
10.465.07

Vba32 AntiVirus
Trojan.StartPage
3.12.24.3

VIPRE Antivirus
Conduit
26682

File size:
354.9 KB (363,408 bytes)

Product version:
V23.4.1

Copyright:
VisualBee.com

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\plugininstall.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:2siU/LaFs7D3BMW64hxSsPXMf49ojMtzn+awyLIZpcfcyqPm0sAQ8sVb6gpNL2SB:cU/p7DWahwsP5Nxn+SLucULPmMQpbjpP

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9019

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file plugininstall.exe has been seen being distributed by the following 50 URLs.

http://www.visualbe.com/dirdownload.php?trackid=matomydd&refid=20oSK12nxjD1XCTk0s22MF1v8Uye000.&ce_cid=20oSK12nxjD1XCTk0s22MF1v8Uye000.

http://s.m2pub.com/event/click/0/CiQ4NDY1YTFkNi0yNTQ1LTQ1ODYtYjE1Yy0wMGM0ODU3ZmUzODIiCDExOTMyNTE2KggxMTk0NTAzNTIIMTE4NTAwOTc6Bm1hdG9teUIIMTE3MzAwNDhKCDExNzA4MTEzUgJCUloCMjdiCDExOTk3MTkzagZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAtABAt0BURJ8PeUBv6syP-0BTPMvP.ABAfgBAYICCWMxMTg4MDA3NogCAZACAJgCAKACAKoCAA==/.../

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiRlYWJkYzk5Mi0xYWFlLTQ1YmEtOTEyZC1hNjQ3YTBlNzUxMTkiCDEyMDI0MDE5KggxMTk0NTAzNTIIMTE4ODUxMzI6Bm1hdG9teUIIMTE3MzAwNDhKCDExNzA4MTEzUgJVU1oCTlliCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BBmwJP-UBAAAAAO0BAAAAAPABAfgBBIICCWMxMTg4NzExMIgCAJACAJgCAKACAaoCALICCDEyNDMxMzk5ugIGMC4wMDEy

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQapplnnucimKYmGKjfZmJkHGYZaR7w45lapdjnA?dp=CiQ0MWJmNmIzNy1hOGQxLTRmYTctYjAwMC0xMGEwMDc3ZTlhMDUiCDEyMDE1NjQ4KggxMTk0NTAzNTIIMTE4ODcxMTc6Bm1hdG9teUIIMTE3MDkxNDNKCDExNzA4MTEzUgJHQloCRjJiCDEyMDcxMTQ2agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0B5QN.OuUBAAAAAO0BAAAAAPABBPgBA4ICCWMxMTg4NzExN4gCAJACAJgCAKACAKoCAA==

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiQ3MjhhMDBkZS04ZDg5LTQ1MjgtOTM4OS1mNTAwZjU3ZTMxNjEiCDExOTc4Mjg1KggxMTk0NTAzNTIIMTE4ODcxMTc6Bm1hdG9teUIIMTE3MDkxNDNKCDExNzA4MTEzUgJVU1oCVFhiCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BAAAAAOUBAAAAAO0BqxIWP.ABBPgBCoICCWMxMTg4MzEzMogCAJACAJgCAKACAaoCAA==

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiQyZGZmNjhiMS04ZWE3LTQ0YTUtYmI2Ny0wNTUxYzZmNzI3NWQiCDEyMDI0MDE5KggxMTk0NTAzNTIIMTIxNzgwMDM6Bm1hdG9teUIIMTE2NjU1NzhKCDExNzA4MTEzUgJVU1oCVFhiCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BfjoiP-UBAAAAAO0BAAAAAPABAfgBBIICCWMxMjExNzA2NIgCAJACAJgCAKACAaoCAA==

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiQxNDVhMzY3YS0xMDI0LTQ0NDgtYTc3NS0yNTdiOGNkNmIzNTEiCDEyMDAyODk4KggxMTk0NTAzNTIIMTE4NDgxMDg6Bm1hdG9teUIIMTE3MzAwNDhKCDExNzA4MTEzUgJVU1oCQ0FiCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0By1WgPuUBm1EEMu0BAAAAAPABBPgBA4ICCWMxMTg0ODEwOIgCAJACAJgCAKACAKoCAA==

http://s.m2pub.com/event/click/0/CiQ5MmJjYTY2ZS1jYTU2LTRjMWQtOTcyMy01ZGMyOGEzZjJjZWEiCDExOTgxMDk4KggxMTk0NTAzNTIIMTIyNjE1ODg6Bm1hdG9teUIIMTIwNTM1NzRKCDExNzA4MTEzUgJERVoCMDJiCDExOTQzOTcyagZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BAAAAAOUBAAAAAO0BAAAAAPABAfgBAYICCWMxMjQzMTMzNogCAJACAJgCAKACAKoCALICCDEyNDE0MzMzugIGMC4wMDAz/.../

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiQ5NzM3MjliMi1hMjExLTRjMTItYjlkZS0wOGU4NDUwZjM2MGQiCDEyMDAyODk4KggxMTk0NTAzNTIIMTE4NDgxMDg6Bm1hdG9teUIIMTE3MzAwNDhKCDExNzA4MTEzUgJVU1oCQUxiCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BAAAAAOUBAAAAAO0BAAAAAPABBPgBA4ICCWMxMTg0ODEwOIgCAJACAJgCAKACAKoCAA==

http://s.m2pub.com/event/click/0/CiRjZjI0ZGMzZS0zMDcxLTQxZmQtYTc1ZC01Nzc5YmJhZDBiNzMiCDExOTQxMDMzKggxMTk0NTAzNTIIMTE4NDUxNjE6Bm1hdG9teUIIMTE3MDkxNDNKCDExNzA4MTEzUgJVU1oCQ0FiCDExOTU2MDEzagZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBF2NhbmhvbWUxMTEuYmxvZ3Nwb3QuY29tyAEB0AEB3QEAAAAA5QEAAAAA7QEAAAAA8AEB-AEBggIJYzExODQ1MTYxiAIAkAIAmAIAoAIAqgIA/.../

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiRhMWRlZTVlZS1kOWY0LTRmZGUtODY2Zi1mNjQxY2RlOGY0ZjciCDEyMDI0MDE5KggxMTk0NTAzNTIIMTE4ODcxMTc6Bm1hdG9teUIIMTE3MDkxNDNKCDExNzA4MTEzUgJVU1oCTU9iCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBA9ABA90BOG0xP-UBp56MP-0BewSFP.ABAfgBA4ICCWMxMTg4NzExN4gCAJACAJgCAKACAKoCAA==

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQapplnnucimKYmGKjfZmJkHGYZaR7w45lapdjnA?dp=CiRjM2UwYzgwOC1lZmI5LTRkZjQtOTkzNS03NzQ4ZDYzNWUxOTAiCDEyMDE1NjQ4KggxMTk0NTAzNTIIMTE4ODcxMTc6Bm1hdG9teUIIMTE3MDkxNDNKCDExNzA4MTEzUgJHQloCSDJiCDEyMDcxMTQ2agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BAAAAAOUBAAAAAO0BAAAAAPABBPgBCoICCWMxMTg4MzEzMogCAJACAJgCAKACAaoCAA==

http://s.m2pub.com/event/click/0/CiQ4YzMzOTUwYy03MWIzLTQyNTgtYmMwMC1hZTQ5MGFjNjZjNzQiCDExOTk3MjAzKggxMTk0NTAzNTIIMTE4NDUwOTc6Bm1hdG9teUIIMTE3MzAwNDhKCDExNzA4MTEzUgJCUloCMDViCDExOTk3MTkzagZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBEHZpZGVvc2xhc2hlci5jb23IAQLQAQLdAQAAAADlAWDNLj.tAQAAAADwAQH4AQGCAgljMTE4NjIwMTGIAgGQAgCYAgCgAgCqAgA=/.../

http://network.adsmarket.com/.../iWhvm2acqZWLaW-bX8p6w4iQappenICVimKYmGKjfZmJkHGYZaR7w45ibJZinA?dp=CiQwZWQ4NTBlNi1jNjMwLTQyZjAtYmE4NC01ZmNmOTU2MmRiNzAiCDEyMDAyODk4KggxMTk0NTAzNTIIMTE4NDgxMDg6Bm1hdG9teUIIMTE3MzAwNDhKCDExNzA4MTEzUgJVU1oCUEFiCDExOTIzNTQ4agZDaHJvbWWQAQGYAQGoAQCyASAxM2UwODQ1NmRjYjYxMWUyYjA3ZjEyMzEzZDJkNTliZsIBAMgBAdABAd0BAAAAAOUBAAAAAO0BAAAAAPABBPgBA4ICCWMxMTg0ODEwOIgCAJACAJgCAKACAKoCAA==

Latest 30 of 70 download URLs

Remove plugininstall.exe - Powered by Reason Core Security