skateboardcitysetup_ch.exe

NCIS Technologies Limited

The application skateboardcitysetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.

Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
1126bea71b85f7f7f2ad5567689697a2

SHA-1:
cf7d5a93801cd5c44cf439e107bc20ee95f46726

SHA-256:
f7526dc50c4a260062aea36258d4c2732604187a515c0ad0c7fea1af185cc751

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:53:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Relevant.BH | 947 |
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.138.142 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140703 |
| AVG | RelevantKnowledge | 2015.0.3425 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.920 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 17982 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.0184 |
| Emsisoft Anti-Malware | Adware.Relevant.BH | 8.14.07.03.12 |
| ESET NOD32 | Win32/Adware.MarketScore | 8.9582 |
| F-Secure | Adware.Relevant.BH | 11.2014-03-07_5 |
| G Data | Adware.Relevant.BH | 14.7.24 |
| Malwarebytes | Adware.RKN | v2014.07.03.12 |
| McAfee | Artemis!1126BEA71B85 | 5600.7081 |
| MicroWorld eScan | Adware.Relevant.BH | 15.0.0.552 |
| NANO AntiVirus | Trojan.Win32.Relevant.cbpeni | 0.28.0.58491 |
| nProtect | Adware.Relevant.BH | 14.03.23.01 |
| Sophos | RelevantKnowledge | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0321 | 7.2.184 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Marketscore.RelevantKnowledge | 27690 |

File size:
496.1 KB (507,976 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\skateboardcitysetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/14/2011 6:00:00 PM

Valid to:
12/14/2012 5:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sgPYw7spph6UPMblrj0eFrggMlwcdr0zA1:zPP7eh1MbNxNObdz1

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9631

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file skateboardcitysetup_ch.exe has been seen being distributed by the following URL.
