home

premam_2015_malayala.exe

Deepwell

The application premam_2015_malayala.exe by Deepwell has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tomorrow Software Installer installer. The file has been seen being downloaded from files4.downloadnet1194.com.
Publisher:
Full Savvy Install  (signed by Deepwell)

Product:
Full Savvy Install

Version:
75.9.4.6363

MD5:
fd2f6135dcb8ffa99804eff361d4e817

SHA-1:
974840b181b0d27f0f8ee3c58a557d647d404224

SHA-256:
92fa11a55e69478ae5f58f06400fde61837cfc1b1325881dfcd91424ae606af7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 2:37:45 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TomorrowSoftware.Deepwell.Bundler (M)
16.6.30.23

File size:
866.8 KB (887,600 bytes)

Product version:
75.9.4.6363

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tomorrow Software Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\premam_2015_malayala.exe

Digital Signature
Signed by:
Deepwell

Authority:
GoDaddy.com, Inc.

Valid from:
9/10/2015 10:38:55 PM

Valid to:
9/10/2016 10:38:55 PM

Subject:
CN=Deepwell, O=Deepwell, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0080C523CA00812FD1

File PE Metadata
Compilation timestamp:
10/15/2014 6:32:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Ip3Bg30Lwf92kZhVPHpCxCR+QGZMP8EL6T6Ot:k00L49phLCxS+iP8EmT6+

Entry address:
0x36CF

Entry point:
E8, BC, A1, 00, 00, E9, BE, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, FF, 25, 4C, 47, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 78, 56, 57, E8, C6, 0C, 00, 00, E8, F1, DE, FF, FF, 8B, B4, 24, 88, 00, 00, 00, 8B, BC, 24, 84, 00, 00, 00, 56, 57, E8, 5C, 10, 00, 00, 56, 57, E8, B5, E1, FF, FF, 8B, 06, 83, C4, 10, 50, FF, 15, 4C, F0, 40, 00, 83, F8, FF, 74, 2E, 8B, 0E, 68, D4, 46, 41, 00, 68, C8, 44, 41, 00, 68, 04, 01, 00, 00, 51, FF, 15, DC, F0, 40, 00, 85, C0, 74, 07, 3D, 04, 01, 00, 00, 76, 2B...
 
[+]

Entropy:
7.9677  (probably packed)

Code size:
52.5 KB (53,760 bytes)

The file premam_2015_malayala.exe has been seen being distributed by the following URL.

http://files4.downloadnet1194.com/download/.../dl?bc=1191699&pid=nextad&brand=nextad&aid=test_aid&s=test_source&c=mon&country=AE&cb=-934308537&filename=Premam_2015_Malayala.exe&productKey=j3pw4hmxjbacdvvc46mdwkypi7k4yehy&osName=Windows&osVersion=8.1&browserName=IE&browserVersion=11&zTmp=1&executable=1195931

Remove premam_2015_malayala.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.