torntv_setup.exe

Puvanat Pumimart

The application torntv_setup.exe by Puvanat Pumimart has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Puvanat Pumimart  (signed and verified)

MD5:
bcc1624fca539bce109ae75a8ff35c6c

SHA-1:
02834e131c7c3acb7d70b756d16ad6e361fdcff9

SHA-256:
7d96fb9476fce17b85ce079d7d677cfd7c6600f1551eac72a654ecb536dee0a5

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/24/2024 6:23:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.207.178 |
| ESET NOD32 | Win32/Adware.1ClickDownload.AY | 9.11130 |
| G Data | Win32.Application.Agent.YWSK3L | 15.5.25 |
| NANO AntiVirus | Trojan.Nsis.Yotoon.deckrr | 0.30.0.65070 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA AC | 4.98 |
| SUPERAntiSpyware | Adware.InstallMonetizer | 9851 |
| Trend Micro House Call | Suspicious_GEN.F47V0129 | 7.2.147 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37290 |

File size:
503 KB (515,096 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\torntv_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/21/2014 2:00:00 AM

Valid to:
11/22/2015 1:59:59 AM

Subject:
CN=Puvanat Pumimart, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4A3F08EC0AB46FDB9CD34E232B5C637F

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:GQHbnVJ0LDWudDr6TQ72IM1P+QwtIg8PNhf:GQ7oLaupqN1P+7p8PNhf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9115

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
