selena gomez come.exe

Eran Vaterfeld

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application selena gomez come.exe, “Installer for SummerSoft” by Eran Vaterfeld has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The file has been seen being downloaded from lp.ezdownloadpro.info. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
SummerSoft  (signed by Eran Vaterfeld)

Product:
SummerSoft

Description:
Installer for SummerSoft

Version:
2013.8.25.1639

MD5:
4358940a540ca3f729ebc05159f9838f

SHA-1:
5bb702fda8fdbe360d4f84bff45b4379fcf14c71

SHA-256:
8c97f140895bba334a003f0a746567d7337068a55042c981efe664097ca7d604

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses Web-Pick's 'File Product', an Installer which wraps various products and downloads and installs it silently through the process, hosted on TusFiles.

Analysis date:
12/26/2024 1:28:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware (M)
16.8.7.1

File size:
293.7 KB (300,760 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2012 SummerSoft

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Common path:
C:\users\{user}\downloads\selena gomez come.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/9/2013 7:00:00 PM

Valid to:
7/10/2014 6:59:59 PM

Subject:
CN=Eran Vaterfeld, O=Eran Vaterfeld, STREET=Shtruk 15, L=Tel Aviv, S=Tel Aviv, PostalCode=64042, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CF0201F072612C73F4F11FE23420B802

File PE Metadata
Compilation timestamp:
3/12/2013 2:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:Trkw9uEo2S1YnQmCX492DkwNP3qpYFr5KQ4N93PXwb5fsDM6+tUCDz1:Trkou6/eIo4gK93PUVGNkUCDz1

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 
[+]

Entropy:
7.9583

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file selena gomez come.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove selena gomez come.exe - Powered by Reason Core Security