Visionneuse-PP-2007.exe

NextRadioTV

The application Visionneuse-PP-2007.exe by NextRadioTV has been detected as adware by 22 anti-malware scanners. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from cdnus.ironcdn.com.
Publisher:
NextRadioTV  (signed and verified)

MD5:
ed766e4502461db58988c7fce27ee67b

SHA-1:
1728ed6e982e0aafed4e7a32398bc6e4e06d32ff

SHA-256:
e789cea3b084bbc0c21f4914403afab5205767fece875dd590783db136e1ec5f

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The installer is a co-bundle distribution utility that might contain adware or various unwanted programs. While the software it provides is typically clean, the download manager offers could be classified as unwanted.

Analysis date:
12/4/2024 7:33:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.InstallCore | 2013.12.19 |
| Avira AntiVirus | | 7.11.120.124 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.131220 |
| Bkav FE | W32.Clod2fe.Trojan | 1.3.0.4613 |
| Boost by Reason | Adware.NextRadioTV.T | 2013.8.29.2 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.Agent.~A | 17420 |
| Dr.Web | Adware.InstallCore.80 | 9.0.1.0241 |
| Emsisoft Anti-Malware | Riskware.Win32.InstallCore.AMN | 8.14.02.14.12 |
| ESET NOD32 | Win32/InstallCore.AZ (variant) | 7.9190 |
| F-Prot | W32/InstallCore.W.gen | v6.4.7.1.166 |
| herdProtect (fuzzy) | | 2013.12.20.17 |
| IKARUS anti.virus | SoftwareBundler | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.174.10439 |
| Malwarebytes | | v2013.11.26.06 |
| McAfee | Artemis!19EF503B0319 | 5600.7275 |
| Microsoft Security Essentials | | 1.165.247.01 |
| Reason Heuristics | PUP.NextRadioTV.T | 14.3.1.0 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.131209 |
| Sophos | InstallCore ToDownload | 4.95 |
| Trend Micro House Call | TROJ_GEN.F47V1223 | 7.2.241 |
| Trend Micro | TROJ_GEN.R0C1C0OIP13 | 10.465.14 |
| VIPRE Antivirus | InstallCore | 24658 |

File size:
1.2 MB (1,210,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\visionneuse-pp-2007.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/5/2012 5:00:00 PM

Valid to:
8/6/2013 4:59:59 PM

Subject:
CN=NextRadioTV, O=NextRadioTV, STREET=12 rue d Oradour sur Glane, L=Paris, S=IDF, PostalCode=75015, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F6B0E6D7739316BE77DBC3CE3EF38235

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:9nORlxTZmrAvlrUcg4XWJ2rOJyDMSMLM:9nyFmrAvvgWWJ2rOJy0

Entry address:
0xD67A0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 3C, E6, 41, 00, E8, 79, EC, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.7418

Developed / compiled with:
Microsoft Visual C++

Code size:
869.5 KB (890,368 bytes)

The file Visionneuse-PP-2007.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-49-170-39.eu-west-1.compute.amazonaws.com  (52.49.170.39:80)

TCP (HTTP):
Connects to ec2-46-137-76-150.eu-west-1.compute.amazonaws.com  (46.137.76.150:80)

TCP (HTTP):
Connects to a72-247-208-212.deploy.akamaitechnologies.com  (72.247.208.212:80)
