setup-blackhawkspersona.exe

Brand Thunder LLC

The application setup-blackhawkspersona.exe by Brand Thunder has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from downloads.brandthunder.com.
Publisher:
Brand Thunder LLC  (signed and verified)

MD5:
3741b73d8714b5c0c192e5de137a1fdd

SHA-1:
1abe54a24bbe98fb0b3f4173f4e8c3c3177b9b16

SHA-256:
45ad032863d58fd21c4af1f6ae87fc8c7f609c19b11a2073f242c32cd45c5862

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/15/2024 6:29:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.BrandThunder.Installer (M)
16.4.4.16

File size:
487.9 KB (499,592 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup-blackhawkspersona.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/17/2013 7:00:00 PM

Valid to:
9/17/2015 6:59:59 PM

Subject:
CN=Brand Thunder LLC, O=Brand Thunder LLC, L=Columbus, S=Ohio, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
791A07FF9F5C100CAE981EC818D15D94

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:cQqWGUfD/r5WRcczIxnSlfCso8FBbwY2YZnKN2ja89jGC4luvj2O2KU5WRcczIx1:Jb/rukSC8rjKNp8Fv2BukSCwKNp8Fq

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9298

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file setup-blackhawkspersona.exe has been seen being distributed by the following URL.

Remove setup-blackhawkspersona.exe - Powered by Reason Core Security