spybot.exe

Lom

ConnectorPrompt (Alpha Criteria Ltd.)

The application spybot.exe, “Lom Setup” by ConnectorPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. Users of this installer expect to download Spybot - Search & Destroy, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Cesefu (signed by ConnectorPrompt (Alpha Criteria Ltd.))

Product:
Lom

Description:
Lom Setup

Version:
5.6.1.6

MD5:
bce980b5fdadfe0d55f04b7543525451

SHA-1:
2a66742bd8f5744d7565b181214f5a2f3c171d81

SHA-256:
036d4d6faabe4596a2059b615296e9ac7bcb6dec9c0e317eeda8160da389e660

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/28/2024 1:56:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.9.13.0

File size:
984.8 KB (1,008,424 bytes)

Product version:
2.7

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\spybot.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 6:14:48 AM

Valid to:
9/2/2016 5:24:46 AM

Subject:
CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:9dgcMpDyxbo+mK9fTlnolhVTy0aZbrtkugux2TrhbICn:rg/1ybdmK9poVoRyvq2TdbICn

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9016

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file spybot.exe has been seen being distributed by the following 4 URLs.
