spybot.exe

Lom

ConnectorPrompt (Alpha Criteria Ltd.)

The application spybot.exe, “Lom Setup” by ConnectorPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. Users of this installer expect to download Spybot - Search & Destroy, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Cesefu (signed by ConnectorPrompt (Alpha Criteria Ltd.))

Product:
Lom

Description:
Lom Setup

Version:
5.6.1.6

MD5:
9ce7cb72815e732271a2c63046dce6c9

SHA-1:
ed044434dc0f374fad0220573ef41225d6230b3b

SHA-256:
3073977af0399b955015ffdc3a0537f8a1d917b407d395bfc6c3f747c6fb2f04

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 9:56:30 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.9.2.4

File size:
984.8 KB (1,008,424 bytes)

Product version:
2.7

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\Pictures\spybot.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 4:14:48 AM

Valid to:
9/2/2016 4:24:46 AM

Subject:
CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:bdgcMpDyxbo+mK9fTlnolhVTy0aZbrtkugux2TrhbICn:Bg/1ybdmK9poVoRyvq2TdbICn

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9016

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file spybot.exe has been seen being distributed by the following 7 URLs.

