unlocker1.9.1.exe

The application unlocker1.9.1.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from download1394.mediafire.com and multiple other hosts.
MD5:
6aad00e039e65d623d2ebd194099212c

SHA-1:
fd6eb46785bb8b8dae1ee6ddd303c50a9416897f

SHA-256:
5ad45e453256dd0916fb3c600c498fe666a0b17005ebaa613dc59e4cd9c1b17a

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/25/2024 5:50:08 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.Babylon (variant) | 8.9271
Malwarebytes | | v2014.01.02.02
XVirus List | Win.Detected | 2.3.31

File size:
1 MB (1,091,128 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\unlocker1.9.1.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:+/wy4LrJ8oEcpUgqj1PZja6Zk65rCAig6ZYoM8X31UE:Wp4CoXS1PZjrS6CAB6P17

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file unlocker1.9.1.exe has been seen being distributed by the following 14 URLs.

http://download1394.mediafire.com/fsvd55eedq2g/.../Unlocker1.9.1.exe

http://download1394.mediafire.com/6vdut7ptd1gg/.../Unlocker1.9.1.exe

http://download1234.mediafire.com/1mgdrd6bv8jg/.../Unlocker1.9.1.exe
