» viber+4.exe
Overview
Analysis
File Details
Downloads (14)

viber+4.exe

Viber

Sevas-S LLC

The application viber+4.exe by Sevas-S has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from viber.downloadable.co and multiple other hosts.

File name:

viber+4.exe

Publisher:

Sevas-S LLC (signed and verified)

Product:

Viber

Version:

1.0.0.0

MD5:

87b996fb4fdf5deea361b5bd33633555

SHA-1:

c88747307f4e9cbb9091e1360396f207af5c3614

SHA-256:

8a23c2204cdc1ad0ecf343c0b0c65f86cc20dcc9b5ccac9f456216d4cbf967f3

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/14/2024 4:11:19 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.OpenCandy

2014.08.17

AVG

Generic

2015.0.3377

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.14819

Dr.Web

Adware.OpenCandy.39

9.0.1.0231

ESET NOD32

Win32/JoyDownloader

8.10267

IKARUS anti.virus

PUA.JoyDownloader

t3scan.1.7.5.0

Malwarebytes

PUP.Optional.OpenCandy

v2014.08.19.06

McAfee

Artemis!87B996FB4FDF

5600.7033

Reason Heuristics

PUP.SevasS.H

14.8.19.18

Sophos

Generic PUA MI

4.98

Trend Micro House Call

Suspicious_GEN.F47V0720

7.2.231

VIPRE Antivirus

Sevas-S Installer

32282

File size:

489.6 KB (501,400 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\viber+4.exe

Digital Signature

Signed by:

Sevas-S LLC

Authority:

VeriSign, Inc.

Valid from:

2/23/2014 1:00:00 AM

Valid to:

3/26/2015 12:59:59 AM

Subject:

CN=Sevas-S LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sevas-S LLC, L=Kyiv, S=Kyivska oblast, C=UA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4B35AC223F4DB03D3B4C5368983A4B53

File PE Metadata

Compilation timestamp:

5/20/2013 1:53:11 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:BKcXy9i2wKJJmHczrssF9zQi2VTEqGVz6wgvAAR9wMzju:nCsae8zwsbQi2VTmgTRWMzju

Entry address:

0x333E

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

24.5 KB (25,088 bytes)

The file viber+4.exe has been seen being distributed by the following 14 URLs.

http://viber.downloadable.co/get_file/wUiS4WnYccXBwj zXP7oQkEsml0kPj 1E1v4ZtbB4Kt2tCersGMrwdoKLUDub7z OXq3g15bOHHKQr21E/Y9xbNyxsaYAAuR7SS7BkL9qi3m16DDpZrSkGJBs/Np0QAAT3K5X3Yghshq9Cr6UHHNGf8clJaocnVberJxJR0FIemuBC89asWNLBgonuG9RjQuO4/32/8wDmuzukjE3/VuDoD5NNClLHtd1dO8D JnlR8f/9e n1O7ZK1/hWv/XZsCqYSpSDrjsJuC2XV0db0aT4U Mjwptui1S0U92kPyxdYHGS/.../wp4jvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PDK1Ghv2cteQv U8/zC24jEwnskFdE3mbLv1P3C yV1bOSCGH O1Tuxrlqtrh8ycBgaDmXaqWQTsvGXqw6DDpZrSkmlZ4cxkkV4BXnOtGDt1lsoh7CC5UGCTUvoFnNXqdD0BYqswLx0INK/lXTl1e8Tcf0J2nqqnGCQvaoT1w Z2BGi6uEibxbwsWMP0NYDyfXof1cS3D699zUhX/4O h1ryfPU2hSflCchX/.../rBwfhoojvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv U8/zOh/jwnickFbk3kYqn PHeuyxdSNGmeTqHnQfdi0bI5zseZBwWU/y7xD0D8 3G8geeS943KmjpBoJY7wF9GXmTxU2Ighshq9Cr7UHH/.../t9xkkH5sv3j1Lqb61nnG sAcVPqoOpSDrjspuCmz4rJLxCRY4vbSZg8L72VF8j0gS7lNdBGT6nX1 m4Yjvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXBwj pXP7oQlssmVQ9fDKhEgqnKJyK97Yk5jz0o2xywt4IKkPjbLC/NXC20g0BZnGHWOOlEqc2xKtrh8yeDR7XpnvqBwX9vnGtifXUqd7Yg2gIq5QwiUcWDTXnVm880YF17CC5UGaTUvoFmpKjJTxEYrs4PUdMIaS0XH11aomXeE99y L2GWUve4/gkbRhHGL5uF/FjvpsBpu1YsntZXNWzYX5D JnlRwf/4nvhhvyaqBnwXX6Vt1Wrc26QnP71cjCz247Y6gWDdEvMjwptui1S0U92kPyxdYHGS/.../wp4jvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXGwj 8XPavWwllklY3NSrBQUqnIsfXq7Z uHf14WJzy9EceR6kKOetdjb nEZTcWmJEfvhQedigatrh8yeDR7XpnvqBwX9vnGtifXUqd7Yg2gIq5c6kREGRn3kAD9/hsI79WjwWWmLAOUI2syiPTINerwyLREHIaS0XHx1apiRek93zrPvUSwmcpfw0uknBSqwsVDdxaY4Fpn esCkfXBbzcr F sujUJW/.../yfO0syXj5RIxP5YSxQHP78MjEiCd5bbdATsc3P3Ux5arnRFg0nB3p3dxAEyXiBwz1oZPvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv I253eq ysyl4pHaAW7erC/NXa20hIBYDbOCeLkErY90fk5kNSWRAaU9T39DET sGm0yP/XpMuN2SMS48AiiAxIVXKnAjdyksIs CC5UGGTUvgY2syiPTYNerggJFsFN6XlACMjLdzFZREjjav2dH93Lcfp1fNgRjyouRnFn/V R8vpYsn3ZXBf1IK3HuM2xkRB/.../JHkHy288YOb2SYjbaRBRoAvMjwps i1W0M1nB3z3dtOAS7hAwr0o4jvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXBwj qXP7oQkEsnV0kOjilERDga5/ZtukkrjyqsGMrwdoNJgTtbrHuaSzglAEaIGjPEeqtCrc0x6trh8yfDR7Vuz3zT0z2smm mf6SpNrSgzoS9Yc7wF9AXmSmDSx 18kq9Dm8AzeLS/.../UlK04Ijvig==

http://viber.13-50298-205770.53f10170b6bdd.dablecdn.com/get_file/OXo2TAXh6Jtlz4n_IMYiQQ/1408307072/13/17/1/.../Viber 4.exe

http://viber.downloadable.co/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/yOn9np5iNEIJ1XlaL77OHOuyxdSNmmeTbD7Tac8gLNhxcyPYVXDqm3jCFii8C6tgLbbqNPKxCsL NdlkV4bXnejCjZ2lMQp SrxGWmaSq4FkZPzPHQNarMgLh8dOOz9VXBtOJeaNBBhhqTuACMleoz6w Z2BGi6uEibxbwsWMP0NYDyfXof1cS3D699zUhX/4O h1vyfOkswz6tWsVc7cz4SX/.../rBwfhoojvig==

http://viber.13-50298-205770.53f100c373770.dablecdn.com/get_file/TzTT3-bBGq54VxFcWjugvg/1408306899/13/17/1/.../Viber 4.exe

http://viber.downloadable.co/get_file/wUiS4WnYccXBwj zXP7oQkEsml0kPj 1E1v4ZNbB47pquHf14WJzytEcSx61PfnnO23piAFKOSCGHeO1Tf13mvs11s3EDQ2V/yf7DED/sXO0yP/QrtPKxToI4clhyhAACGSsSTRwntFvp3mvGHGSA7ZfwtWnbmMVY/o4KRIdMa/yUX1/asWNLBgonuK9RjQuIY/.../6q4jvig==

http://viber.13-50298-205770.53fddca46243b.dablecdn.com/get_file/VwZ04oH1p-z676-qIeUE9A/1409149620/13/17/1/.../Viber 4.exe

http://viber.downloadable.co/get_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEhnyas6H7KB2sTS35you2dBNJ0Ltev2lbSb 0l8bOGCGCbD TKc8gLNiztScAB6avCX8BlSh4Sfqmf6SpNjZm3Et MdlwU5GSiPvXyx 18kv9DmvEiPAAulOw57rNjMHYbg2Jh4ONKS0XHl1ao2Xcgkp1avlES1mcob4w6tsWnux8VDJlu1uBJe6d8K8ZDJW2cuvS7Z4y0hX/.../UlK04Ijvig==

http://viber.downloadable.co/get_file/wUiS4WnYccXDyCf4UfO5CV530RJ0YyqsWxL3as6V7LFjr3f14WJ2wclYdBuyerC/NXK9ykY azHZWfKjBuB/lqtrh8ybDR7HoHOsWQTlszi1iP/DrNrcg2gIq5M6kQAKFC/lXyx zcko ivyXGeQSLtZw4TrND0VK BmPRNWOa70XTl1e8TcYEJ2nqqnGCAvaofy1OoyDnux8VDMlu0sXcave4GkantO2sG/FOE2lF4f74LvyRzqZel/lia0At1Wrc25SWu28IOb2SYnbaQEHNppZjhgounkFxlrnE/.../ypIjvig==

Remove viber+4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.