va-kan_kan_riddim-(promo_cd)-2014-yvp_int_downloader.exe

SmileFiles Installer

Webitar Production Inc

The application va-kan_kan_riddim-(promo_cd)-2014-yvp_int_downloader.exe by Webitar Production Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from d.smile-files.com.
Publisher:
http://smile-files.com  (signed by Webitar Production Inc)

Product:
SmileFiles Installer

Version:
1, 0, 489, 1

MD5:
c3b82069332452d9ded4a9d188e40b6b

SHA-1:
2b97976a69d153a3d4d081d4a790f36781eef707

SHA-256:
cf34bd5885c00c1f83fbe74aa5ffe1e7ae3b80458305c074fd7b79aef19eb081

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 2:13:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebitarP.Installer (M)

Engine version:
16.3.31.8

File size:
3.7 MB (3,882,568 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://smile-files.com (C) 2014

Original file name:
SmileFiles.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\va-kan_kan_riddim-(promo_cd)-2014-yvp_int_downloader.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/10/2014 7:00:00 PM

Valid to:
11/15/2017 7:00:00 AM

Subject:
CN=Webitar Production Inc, O=Webitar Production Inc, L=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F9F8704E151CAFCFEFEECFBBA733C63

File PE Metadata
Compilation timestamp:
1/22/2015 9:14:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:fD8T4QU77GbmbPjgWd7FfMtUeEvDmex+dFzvBi:6M7DbsWd7FfYrEvp2U

Entry address:
0x43783E

Entry point:
E9, FF, AA, 07, 00, 80, F9, 57, 01, C7, E8, EF, 0E, 08, 00, 73, C2, A0, DE, F5, AD, 9A, 0F, 34, 80, C6, 14, EA, 11, 57, A4, 42, 32, 66, 96, 50, F4, 85, 53, 78, A5, 32, 95, 53, DF, 32, E0, 04, 28, C6, EE, 3D, 40, 92, 14, CB, CC, 50, DF, 5F, 0E, E9, 79, 2E, B7, B8, 86, 67, B8, 1C, F4, 99, 46, D9, E4, 5A, 48, 1D, FF, 82, ED, 27, 8A, 66, 94, 1E, 37, 54, D9, 8F, 60, AD, 88, 1B, 25, 1A, A9, 65, A7, 1F, 8F, 01, 04, 9A, 89, A4, DA, 3C, 76, F2, 7B, AE, 25, 72, 01, 1A, C6, C0, 33, 02, 92, 9A, 44, 4B, FA, 0A, 81, AE...
Entropy:
7.9951

Packer / compiler:
Xtreme-Protector v1.05

Code size:
932 KB (954,368 bytes)

The file va-kan_kan_riddim-(promo_cd)-2014-yvp_int_downloader.exe has been seen being distributed by the following URL.