viber.exe

Program Setup

Quality Criteria (Alpha Criteria Ltd.)

The application viber.exe by Quality Criteria (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.appfindr.org.
Publisher:
SecuredDownload  (signed by Quality Criteria (Alpha Criteria Ltd.))

Product:
Program Setup

Version:
1.0.5.a0.1_59214

MD5:
9e00bbbb985e48894cf18b097e2acd47

SHA-1:
f6a2ad9c936cbf104eee152af2ca5974f4c1f6a3

SHA-256:
a0dd28f5ab0204a40c154462568aba9308e2992945a3311e5d115b1bb59f0bda

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 1:05:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.23.13

File size:
915.9 KB (937,880 bytes)

Product version:
1.0.5.a0.1_59214

Copyright:
SecuredDownload

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\viber.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 5:41:47 AM

Valid to:
8/4/2016 8:23:54 AM

Subject:
CN=Quality Criteria (Alpha Criteria Ltd.), O=Quality Criteria (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DC9E5F7E1CC5DF0CA4ED082CF7EB9D86

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:UvKv1P8DGFiu57x5SEFzeFigd58SwkYIbtu3:gMeIfqCw46s

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9324

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file viber.exe has been seen being distributed by the following URL.

Remove viber.exe - Powered by Reason Core Security