thinking out loud ed sheeran lanamento 2014.exe

Tecnolab LLC

The application thinking out loud ed sheeran lanamento 2014.exe by Tecnolab has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from fileflow.co.

Publisher: Tecnolab LLC (signed and verified)
MD5: 8f584c36f6be635ef55cfc1d28098e8f
SHA-1: 7fb3fd5baf215a0b32edef4400552a1596ccbc94
SHA-256: b429105a3abbb540d4492a9dbb506d2c47dead4478aedac4d57516f9d70df23d
Scanner detections: 25 / 68
Status: Potentially unwanted
Analysis date: 12/25/2024 2:12:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Downloader.BG | 383 |
| AhnLab V3 Security | Adware/Win32.LoadMoney | 2015.08.05 |
| Avira AntiVirus | TR/Dldr.Adload.zewqw | 8.3.1.6 |
| Arcabit | Adware.Downloader.BG | 1.0.0.425 |
| avast! | NSIS:Downloader-ACE [PUP] | 2014.9-160118 |
| AVG | Downloader | 2017.0.2861 |
| Baidu Antivirus | PUA.Win32.Adload | 4.0.3.16118 |
| Bitdefender | Adware.Downloader.BG | 1.0.20.90 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Trojan.Fraudster.1656 | 9.0.1.018 |
| Emsisoft Anti-Malware | Adware.Downloader.BG | 8.16.01.18.05 |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AM | 10.12040 |
| Fortinet FortiGate | Adware/AdloadAM | 1/18/2016 |
| F-Secure | Adware.Downloader.BG | 11.2016-18-01_2 |
| G Data | Adware.Downloader.BG | 16.1.25 |
| K7 AntiVirus | Unwanted-Program | 13.207.16778 |
| Kaspersky | not-a-virus:AdWare.NSIS.Agent | 14.0.0.799 |
| McAfee | Artemis!8F584C36F6BE | 5600.6517 |
| MicroWorld eScan | Adware.Downloader.BG | 17.0.0.54 |
| NANO AntiVirus | Trojan.Nsis.Fraudster.dsyctt | 0.30.24.2668 |
| nProtect | Adware.Downloader.BG | 15.08.04.01 |
| Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1015 |
| Sophos | AdLoad (PUA) | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Amonetize | 42614 |

File size: 69.6 KB (71,272 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Language: Language Neutral
Common path: C:\users\{user}\downloads\thinking out loud ed sheeran lanamento 2014.exe

Digital Signature
Signed by:

Authority: GoDaddy.com, Inc.
Valid from: 5/12/2015 9:21:38 PM
Valid to: 5/12/2016 6:43:30 PM
Subject: CN=Tecnolab LLC, O=Tecnolab LLC, L=Lewes, S=Delaware, C=US
Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Serial number: 5429B410CF774F82

File PE Metadata
Compilation timestamp: 12/5/2009 8:50:46 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 1536:iQpQ5EP0ijnRTXJk5NHFmQ2YGTtl6TwTlJzPL:iQIURTXJk5Nlx2YGZ0MTfzPL
Entry address: 0x323C
Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Packer / compiler: Nullsoft install system v2.x
Code size: 23 KB (23,552 bytes)

The file thinking out loud ed sheeran lanamento 2014.exe has been seen being distributed by the following URL.