psupport_install.exe

The application psupport_install.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. Also know as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. The file has been seen being downloaded from i1.reportbox3.info and multiple other hosts a known adware distribution point operated by WEB PICK - INTERNET HOLDINGS LTD.
MD5:
903c06f02d542e7dfe137e8fb2e86e59

SHA-1:
b9efcfe9162929030a47b0454300ce8e2d84e459

SHA-256:
bc807fa4954e01fd0cadc99e65853fb994fd68dbac191b13aed209c5dbca9a57

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Analysis date:
12/25/2024 12:49:10 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/BHO.Bprotector.13
7.11.120.100

Baidu Antivirus
Adware.Win32.BHO
4.0.3.131218

Bitdefender
Gen:Variant.Adware.BHO.Bprotector.1
1.0.20.1760

Bkav FE
W32.Clod54e.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17460

ESET NOD32
Win32/SProtector (variant)
7.9185

Fortinet FortiGate
Riskware/PUP
12/18/2013

F-Secure
Gen:Variant.Adware.BHO.Bprotector.1
11.2013-18-12_4

G Data
Gen:Variant.Adware.BHO.Bprotector
13.12.22

Malwarebytes
PUP.Optional.SProtect.A
v2013.12.18.06

McAfee
Artemis!903C06F02D54
5600.7278

MicroWorld eScan
Gen:Variant.Adware.BHO.Bprotector.1
14.0.0.1056

NANO AntiVirus
Trojan.Win32.BGuard.cqshad
0.28.0.56692

Norman
Suspicious_Gen4.FCQRV
11.20131218

Reason Heuristics
Unnamed.Threat.31
14.3.1.10

Sophos
BProtect BHO Plugin
4.96

Vba32 AntiVirus
AdWare.BHO
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
24480

ViRobot
Trojan.Win32.BHO.1504931
2011.4.7.4223

File size:
1.4 MB (1,504,931 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\psupport_install.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:suSvGbcyy0Yx56l0h/vfwxeudJuActqyHryfigj2rw9OrEvGbcyy0Yx56l0h/vfL:Tbct0Yxkl0h/vfwxeU4AmbqvyU9O5bcV

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file psupport_install.exe has been seen being distributed by the following 10 URLs.

http://i1.reportbox3.info/addons/.../psupport_install.exe

http://dr078zibyt48h.cloudfront.net/addons/.../psupport_install.exe

http://91.74.184.36/.../psupport_install.exe

Remove psupport_install.exe - Powered by Reason Core Security