uptown funk mark ronson ft. bruno mars.exe

GO SAFER LLC

The application uptown funk mark ronson ft. bruno mars.exe, “Download da Internet” by GO SAFER has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from fileflow.co.
Publisher:
yTVnQOo5hT6GbOusu  (signed by GO SAFER LLC)

Description:
Download da Internet

Version:
8.3.4.6

MD5:
d7a64daf7c6027d4c393c2d91068683e

SHA-1:
664553728582d890e0b4c392a55ad7fc287c91d0

SHA-256:
51363c35ae0729a5ce820a2801da11aa87d00b1fb334bc5d07d2f9e1a88ad899

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 1:04:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.BR Software (M)
16.12.12.17

File size:
73.9 KB (75,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\uptown funk mark ronson ft. bruno mars.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
11/23/2014 6:41:08 AM

Valid to:
11/23/2015 6:41:08 AM

Subject:
E=gosaferllc@gmail.com, CN="Open Source Developer, Go Safer LLC", O=GO SAFER LLC, C=US

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
56E606AD3EF1F4818B40EA7267671740

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file uptown funk mark ronson ft. bruno mars.exe has been seen being distributed by the following URL.

http://fileflow.co/ids/.../Uptown Funk – Mark Ronson ft. Bruno Mars.exe

Remove uptown funk mark ronson ft. bruno mars.exe - Powered by Reason Core Security