slammingssetup_ch.exe

NCIS Technologies Limited

The application slammingssetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
69b2b90f996c61a3c5bbb152b2d72ad4

SHA-1:
f9fc0b493adb98d57099a4a0abb070e558189048

SHA-256:
2b9fe8e62a1dfb3423008214b7a4585cd4915dc9b10c8b1c92894af33497030c

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:26:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 8.3.2.4 |
| Arcabit | Adware.Relevant.BH | 1.0.0.646 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-160415 |
| AVG | Skodna.Generic_c | 2017.0.2773 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.530 |
| Clam AntiVirus | W32S.Adware.RelevantKnowledge-2 | 0.98/21511 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 24005 |
| Dr.Web | Adware.Relevant.119 | 9.0.1.0106 |
| Emsisoft Anti-Malware | Adware.Relevant.BH | 8.16.04.15.02 |
| ESET NOD32 | Win32/Adware.MarketScore | 10.12915 |
| F-Secure | Adware.Relevant.BH | 11.2016-15-04_6 |
| G Data | Adware.Relevant.BH | 16.4.25 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2016.04.15.02 |
| MicroWorld eScan | Adware.Relevant.BH | 17.0.0.318 |
| NANO AntiVirus | Trojan.Win32.Relevant.crgfum | 1.0.14.5380 |
| nProtect | Adware.Relevant.BH | 16.01.22.01 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16413 |
| Sophos | RelevantKnowledge (PUA) | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Marketscore.RelevantKnowledge | 46712 |

File size:
558.4 KB (571,824 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\slammingssetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/14/2011 5:00:00 PM

Valid to:
12/14/2012 4:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8Ms/xoMbdrpphflrj0eFrggMlwcdr0zA+UPMzS2Mbd:FYx5bFhfNxNObdzBMib

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9699

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
