virtualbox-13122-dp.exe

Pofecas

Funnel Quality (Alpha Criteria Ltd.)

The application virtualbox-13122-dp.exe, “Pofecas Setup ” by Funnel Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headbundletown.com.
Publisher:
Funnel Quality (Alpha Criteria Ltd.)  (signed and verified)

Product:
Pofecas

Description:
Pofecas Setup

MD5:
43be1a1676a82c26853766206d76dad2

SHA-1:
d0cac006c7a5dfec9cc3d8760c86655101cd91da

SHA-256:
2430aac7a6237f814a1508d3df3313c63e2e9dc33ee01fe7ac7c12ac7eece25f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 5:25:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
17.2.26.3

File size:
958.4 KB (981,392 bytes)

Product version:
5.2

Copyright:
Stub

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\virtualbox-13122-dp.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/7/2016 10:35:36 AM

Valid to:
8/3/2016 3:44:04 PM

Subject:
CN=Funnel Quality (Alpha Criteria Ltd.), O=Funnel Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6C9E138C2956FEB458B5B444F447890

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file virtualbox-13122-dp.exe has been seen being distributed by the following URL.

http://www.headbundletown.com/WVl6OTRQVGxDTVdkUGVrVlVZWEJIU0U1M1RrNW9jMmRGUkZCQ2EzbGhjVWMzYzFGdU5uWkVjVXh4ZDBkSmNHTWxNMFFtWXoxR1FVeHpZamRRVkdkaVNHMTVkM3A1VFRJMk9YcENOemhqUjJWNVRuaHZRVE4wTkVzMWVtNVpOVnBaSlRKR2VHSXdWbFJOVURodWVUYzNNVmRSZVZNbE1rSTVaSGxwUXpFNWJHTjRWVGN3T0RsNGVtcFVRa05oZEU0eWVFNXFVSFpIY0VOQlpVZFNXSFJPVUhjMU0yd3pRV0V3VldSTlEzQlpkbEJ5VVc1cWVtMVhiM0JyYkdNbE1rWmFia3M0VWpWUFdUazJZV0ZIUm5SSk5tY2xNMFFsTTBRbVpUMHdKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5oSlRKbUpUSm1aRzkzYm14dllXUXVkbWx5ZEhWaGJHSnZlQzV2Y21jbE1tWjJhWEowZFdGc1ltOTRKVEptTlM0d0xqSXlKVEptVm1seWRIVmhiRUp2ZUMwMUxqQXVNakl0TVRBNE1UQTRMVmRwYmk1bGVHVW1aRzkzYm14dllXUkJjejFXYVhKMGRXRnNRbTk0TFRFek1USXlMV1J3TG1WNFpRPT0=

Remove virtualbox-13122-dp.exe - Powered by Reason Core Security