sketchup_2014_for_dummies.exe

Sarinrat Subindee

The application sketchup_2014_for_dummies.exe by Sarinrat Subindee has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.torntv-dl.com and multiple other hosts.
Publisher:
Sarinrat Subindee  (signed and verified)

MD5:
99f085e31d16df32473c1f8bbdd13bda

SHA-1:
bf990e15a76a0c632490bd478ffd082f9d69b060

SHA-256:
1c79025cba999a63b4da1a134528df7afbba020ffc52502eea69c95997389b8c

Scanner detections:
6 / 68

Status:
Adware

Explanation:
The installer bundles additional adware-type offers (ad-supported) that are displayed to the user during setup and typically installed by default. These include web browser ad-injectors.

Analysis date:
12/4/2024 6:35:17 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3402

G Data
NSIS.Application.OneClickDownloader
14.7.24

Malwarebytes
PUP.Optional.OneClickDownloader.A
v2014.07.25.07

Qihoo 360 Security
Win32/Virus.Adware.47b
1.0.0.1015

Reason Heuristics
PUP.SarinratSubindee.Z
14.7.27.14

Trend Micro House Call
Suspicious_GEN.F47V0725
7.2.206

File size:
361.5 KB (370,176 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sketchup_2014_for_dummies.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/29/2014 8:00:00 PM

Valid to:
6/30/2015 7:59:59 PM

Subject:
CN=Sarinrat Subindee, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Thailand, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F984B00AFAE5D11D235DCD3C48EB586

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:MsA7xPoqWHSIvaCj54sFh/5+iQzgvBaOv5UFCqBy9OPcLSSzBCjQyNpsGU3bp:ExPojH1aCjeUPZXhUFpyECzBCjQyvP0p

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.8749

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file sketchup_2014_for_dummies.exe has been seen being distributed by the following 14 URLs.

http://www.torntv-dl.com/.../Once_Upon_A_Time_Season_1,_2_&_3___Extras_BDRip.exe

http://www.torntv-dl.com/.../Ra_Ra_Krishnayya_2014_Telugu_flv.exe

http://www.torntv-dl.com/.../Samjhawan_-_Humpty_Sharma_Ki_Dulhania_-_(2014)_-_720p_-_x264_-_HD_-_KhaTTaK.exe

Remove sketchup_2014_for_dummies.exe - Powered by Reason Core Security