vistart__________________________________9981_gc.exe

Download

The application vistart__________________________________9981_gc.exe by Download has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.comay14sun.com.
Publisher:
Download  (signed and verified)

MD5:
7e69c73d7574a0fb03db2a7efb4bce8c

SHA-1:
0f445ba34775c769ccb39a89e6b28ede83fbd9a4

SHA-256:
fe49a560c31e18cc24a04e9572f89554dbd814e59d0e87dc82716e17c47b9c2c

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/23/2024 6:29:52 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.173.134

avast!
NSIS:InstMonetizer-BB [PUP]
2014.9-140926

AVG
Generic
2015.0.3340

Baidu Antivirus
Adware.Win32.InstallMonetizer
4.0.3.14926

ESET NOD32
Win32/InstallMonetizer.BC
8.10445

McAfee
Artemis!7E69C73D7574
5600.6996

Reason Heuristics
PUP.Download
15.2.14.11

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.14924

Trend Micro House Call
Suspici.12797D5E
7.2.269

File size:
431.7 KB (442,104 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/5/2014 2:00:00 AM

Valid to:
3/6/2015 1:59:59 AM

Subject:
CN=Download, O=Download, POBox=95185, STREET=5655 Silver Creek Valley Road, STREET=Building, L=San Jose, S=California, PostalCode=95138, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
36896B9F1FE4BA948408D30CEDEBD165

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:db6gDbLecp5UkallMCBwKH/gHoCp8tbJd5AAAAqybJd5A8I:dbTLecUkalWC3/gH0tbJd5AAAfybJd5y

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file vistart__________________________________9981_gc.exe has been seen being distributed by the following URL.