torntv_setup.exe

Puvanat Pumimart

The application torntv_setup.exe by Puvanat Pumimart has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Puvanat Pumimart  (signed and verified)

MD5:
bcc1624fca539bce109ae75a8ff35c6c

SHA-1:
02834e131c7c3acb7d70b756d16ad6e361fdcff9

SHA-256:
7d96fb9476fce17b85ce079d7d677cfd7c6600f1551eac72a654ecb536dee0a5

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/28/2024 1:15:44 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.207.178

ESET NOD32
Win32/Adware.1ClickDownload.AY
9.11130

G Data
Win32.Application.Agent.YWSK3L
15.5.25

NANO AntiVirus
Trojan.Nsis.Yotoon.deckrr
0.30.0.65070

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Sophos
Generic PUA AC
4.98

SUPERAntiSpyware
Adware.InstallMonetizer
9851

Trend Micro House Call
Suspicious_GEN.F47V0129
7.2.147

VIPRE Antivirus
Trojan.Win32.Generic
37290

File size:
503 KB (515,096 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\torntv_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/21/2014 2:00:00 AM

Valid to:
11/22/2015 1:59:59 AM

Subject:
CN=Puvanat Pumimart, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3F08EC0AB46FDB9CD34E232B5C637F

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:GQHbnVJ0LDWudDr6TQ72IM1P+QwtIg8PNhf:GQ7oLaupqN1P+7p8PNhf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9115

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove torntv_setup.exe - Powered by Reason Core Security