rightsnetworkmediaplugin_setupd_14_17_45dc7914.exe

AD ROCKS, INC.

The application rightsnetworkmediaplugin_setupd_14_17_45dc7914.exe by AD ROCKS, INC has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from feed.rightsnetwork.net and multiple other hosts.
Publisher:
AD ROCKS, INC.  (signed and verified)

MD5:
c7dc99680ac10f6ec24cb02e2a4d1546

SHA-1:
6b669953b4ecc92ccd13269a3470fa59a70ab7b9

SHA-256:
1f350c6eac88fd3b07a6068b5d62e4656fe10269f16cdbdcc400fd97b861a1d5

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 8:00:40 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| IKARUS anti.virus | Trojan.Crypt | t3scan.1.8.9.0 |
| McAfee | Artemis!C7DC99680AC1 | 5600.6742 |
| Reason Heuristics | PUP.ADROCKS.Installer (M) | 16.2.13.13 |
| Trend Micro House Call | Suspicious_GEN.F47V0425 | 7.2.158 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |

File size:
1.2 MB (1,216,056 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\rightsnetworkmediaplugin_setupd_14_17_45dc7914.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/28/2013 8:00:00 AM

Valid to:
5/26/2015 7:59:59 AM

Subject:
CN="AD ROCKS, INC.", O="AD ROCKS, INC.", L=LAS VEGAS, S=Nevada, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F4E299FFB40CC3A1887D7BEC75F060A

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:I/rwIheW6ErQxqEU2CMl1pU2jzzy9erFd9yWZQ1rj:7IheMrKqEUPMl1pRjzz8QFd99Zg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9914

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file rightsnetworkmediaplugin_setupd_14_17_45dc7914.exe has been seen being distributed by the following 38 URLs.
