tuneup_utilities.exe

BREE INTERNET, S.L.

The application tuneup_utilities.exe by BREE INTERNET, S.L. has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.
Publisher:
BREE INTERNET, S.L.  (signed and verified)

MD5:
9302c2e8c88c1fcdb684496fe1a63aba

SHA-1:
2d02221c89951f4f758bec67ac442cde9bf3929a

SHA-256:
e2b04c4dac785f3b5c3e356fe32d2a66653cc642ce27b455a310e7d90879352b

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/25/2024 2:53:59 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.210.60 |
| avast! | Dropper-HO [PUP] | 150203-1 |
| AVG | Potentially harmful program Toolbar.Babylon | 2014.0.4257 |
| Dr.Web | Adware.Downware.1130 | 9.0.1.046 |
| ESET NOD32 | Win32/Toggle.H potentially unwanted application | 7.0.302.0 |
| K7 AntiVirus | Unwanted-Program | 13.194.14969 |
| Reason Heuristics | PUP.Installer.BREEINTERNET | 15.3.18.1 |
| VIPRE Antivirus | Threat.4150696 | 37240 |

File size:
117 KB (119,792 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\tuneup_utilities.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/22/2013 1:00:00 AM

Valid to:
1/27/2014 1:00:00 PM

Subject:
CN="BREE INTERNET, S.L.", O="BREE INTERNET, S.L.", L=Villaviciosa de Odon, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A07E9CB27A97276F91B7089B8AEA906

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:SgXdZt9P6D3XJk45V514Qnn3UQwIAwP5k1iVr/0esmF:Se34aq51Ln/bRk1usdmF

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.5496

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
