popcornew.exe

Popcornew Update

Popcornew OU

The application popcornew.exe (“Popcornew Update Setup”) by Popcornew OU has been detected as adware by 9 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from popcornew.com and multiple other hosts.

Publisher: The Popcornew Group (signed by Popcornew OU)
Product: Popcornew Update
Description: Popcornew Update Setup
Version: 1.3.25.0
MD5: c0f08b44406436dea0db29bca8c9ad72
SHA-1: 9763120f80de52b8f0a4dba58db8f6ef83ff47b3
SHA-256: a23feb9a30c5e446d924b5f31b489d74b785b7182bd17146ac312c75a27c37f8
Scanner detections: 9 / 68
Status: Adware
Analysis date: 12/23/2024 4:06:03 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Trash.Gen | 7.11.146.128 |
| Dr.Web | Adware.Downware.1463 | 9.0.1.0350 |
| G Data | Win32.Trojan-Dropper.BoxoreInject | 14.12.24 |
| Malwarebytes | PUP.Optional.SoftwareUpdate.A | v2014.12.16.03 |
| NANO AntiVirus | Trojan.Win32.Downware.ctonas | 0.28.0.59608 |
| Reason Heuristics | PUP.Installer.PopcornewOU.J | 14.11.20.9 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10174 |
| Trend Micro House Call | Suspicious_GEN.F47V1107 | 7.2.350 |
| VIPRE Antivirus | Boxore | 34696 |

File size: 604.9 KB (619,424 bytes)
Product version: 1.3.25.0
Copyright: Copyright 2013 The Popcornew Group.
Original file name: PopcornewUpdateSetup.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\popcornew.exe

Digital Signature
Signed by:

Authority: DigiCert Inc
Valid from: 5/30/2014 1:00:00 AM
Valid to: 6/7/2017 1:00:00 PM
Subject: CN=Popcornew OU, O=Popcornew OU, L=Tallinn, S=Tallinn, C=EE
Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 0E6D399D12D82CE3706A59ECEE80327F

File PE Metadata
Compilation timestamp: 10/12/2014 6:26:45 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:Ko5dr8Jgwan0JEu4Dkn3FwlJ/+r5v2OlNBeAdc+vWO:KEtE3EuEZWv2OlNBZKhO
Entry address: 0x4785

Entry point:
E8, D5, 13, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 2F, 14, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 8F, 47, 40, 00, FF, 15, 0C, C0, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 68, EC, C1, 40, 00, FF, 15, 14, C0, 40, 00, 85, C0, 74, 15, 68, DC, C1, 40, 00, 50, FF, 15, 10, C0, 40, 00, 85, C0, 74, 05, FF, 75...
 

Entropy: 7.8747 (probably packed)
Code size: 40.5 KB (41,472 bytes)

The file popcornew.exe has been seen being distributed by the following 2 URLs.

https://popcornew.com/partners/.../PopcornewInstaller.exe
