setup_cashreminder.exe

STARGLOBE LLC

The application setup_cashreminder.exe by STARGLOBE has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
STARGLOBE LLC  (signed and verified)

MD5:
09fbd16d8e3e462bacd8df8b872fda19

SHA-1:
e37790fe77f43faea0c961606b9377d5680d4922

SHA-256:
3bffce33cbec4d0e60fc1158f8e945950ae1d3c9d815f63ef47ae803ce79c438

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
11/27/2024 6:21:27 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.NetFilter | 7.1.1 |
| Avira AntiVirus | PUA/Solimba.Gen | 8.3.2.4 |
| avast! | Evo-gen [Susp] | 151212-2 |
| AVG | ShopDeals | 2016.0.2896 |
| Baidu Antivirus | PUA.Win32.Adload | 4.0.3.151213 |
| Dr.Web | Trojan.Fraudster.1958 | 9.0.1.05190 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| F-Prot | W32/NetFilter-PUA.B (exact, not disinfectable) | 4.6.5.141 |
| G Data | Win32.Riskware.Netfilter | 15.12.25 |
| IKARUS anti.virus | PUA.BrAppWare | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.212.18090 |
| Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 15.0.0.562 |
| McAfee | Trojan.Artemis!D4B4B85D1AAF | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.211.2539.0 |
| NANO AntiVirus | Trojan.Win64.Fraudster.dvwtzc | 1.0.10.5081 |
| Qihoo 360 Security | QVM42.0.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Adware.BrAppWare!1.A17D [F] | 23.00.65.151211 |
| VIPRE Antivirus | Threat.4150696 | 45800 |

File size:
2.8 MB (2,976,688 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_cashreminder.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
10/7/2015 12:10:40 AM

Valid to:
4/2/2016 6:48:38 PM

Subject:
CN=STARGLOBE LLC, O=STARGLOBE LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00AF454D0F54B44CC6

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:fNAs+Gy6FTkhXcByfar21sBNf2R6Qa5hFSeba8wMgDjC7PokU+hLF9qmW:fXjy6BkaBDneR/a5hFS6jgnCDfUiLLq3

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9979

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
