vipboxsportsappsinstall(18_3f)_ch.exe

The application vipboxsportsappsinstall(18_3f)_ch.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from download.vipboxsportapp.com.
MD5:
306a38ac4d7aac5f6bcab50cc15d70ac

SHA-1:
5d8a937bf59c2a9bf5811382b35666d725dc2c1b

SHA-256:
2836a457a3dc7ba43975002207ae216e3f01b3a156f1aacc2b59600981aa89c2

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
12/26/2024 5:09:14 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.1ClickDownload
4.0.3.16721

Comodo Security
Application.Win32.MCool.~RGY
17049

Dr.Web
Adware.Downware.1263
9.0.1.0203

ESET NOD32
Win32/Adware.1ClickDownload.AO
10.8875

Malwarebytes
PUP.Optional.OneClickDownloader.A
v2016.07.21.08

Reason Heuristics
Adware.1ClickDownload.ET (M)
16.7.21.20

Sophos
CoolMirage
4.93

Trend Micro House Call
TROJ_GEN.F47V0819
7.2.203

VIPRE Antivirus
News.net
22088

File size:
539.9 KB (552,811 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\downloads\vipboxsportsappsinstall(18_3f)_ch.exe

File PE Metadata
Compilation timestamp:
4/28/2013 4:17:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:1XH38FA7I8C4zWpgybvI2CMNYwFY2ZF7SuJyMj6VS:JHMeq4WRvOBm7fJybS

Entry address:
0x1CC88

Entry point:
E8, 99, 58, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 35, 24, 00, 00, C7, 06, 94, 71, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 94, 71, 42, 00, E9, EA, 24, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 94, 71, 42, 00, E8, D7, 24, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 80, CD, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Entropy:
7.7119  (probably packed)

Code size:
147 KB (150,528 bytes)

The file vipboxsportsappsinstall(18_3f)_ch.exe has been seen being distributed by the following URL.

Remove vipboxsportsappsinstall(18_3f)_ch.exe - Powered by Reason Core Security