vms8ztra.exe

Statscom

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file vms8ztra.exe by Statscom has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tightrope WebInstall installer. It is also typically executed from the user's temporary directory.
Publisher:
Swift Smooth Setup  (signed by Statscom)

Product:
Swift Smooth Setup

Version:
71.6.1.6630

MD5:
ccac03c4671964ba52fa449194cd557e

SHA-1:
7324c966f8234bcf36be435171596bf9dee8773c

SHA-256:
9864ee6abeb54382d0d30dc0a856ebfffe40f7fada6a94f207c43ee32dc5726b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 10:37:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Tightrope.Statscom.Bundler (M)
15.11.9.9

File size:
866.8 KB (887,648 bytes)

Product version:
71.6.1.6630

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

Bundler/Installer:
Tightrope WebInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\vms8ztra.exe.part

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/16/2015 7:36:38 PM

Valid to:
9/16/2016 7:36:38 PM

Subject:
CN=Statscom, O=Statscom, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A7546255E5A1349D

File PE Metadata
Compilation timestamp:
11/3/2014 9:59:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:lqLHcOtHUqfu7PnyfgIvJs+SHeF3QDS1qoOV8fU7sDbBfadwHg:MHvlLu7/yfgUs3H+QbVSU7Bdcg

Entry address:
0x1683

Entry point:
E8, F8, C1, 00, 00, E9, FA, BA, 00, 00, CC, CC, CC, 55, 8B, 6C, 24, 0C, 57, 33, FF, 85, ED, 76, 69, 53, 8B, 5C, 24, 10, 56, 8B, 74, 24, 1C, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 8A, 04, 1F, 0F, B6, C8, 80, B9, 68, 4A, 41, 00, 00, 75, 1E, 8D, 96, 0C, 02, 00, 00, 39, 16, 72, 09, 56, E8, 71, 40, 00, 00, 83, C4, 04, 8B, 06, 8A, 0C, 1F, 88, 08, FF, 06, EB, 0A, 56, 50, E8, 0C, 20, 00, 00, 83, C4, 08, 47, 3B, FD, 72, C4, 85, ED, 76, 0E, 68, 9C, FF, 40, 00, 56, E8, A5, 40, 00, 00, 83, C4, 08, 5E, 5B, 5F, 33, C0...
 
[+]

Entropy:
7.9694  (probably packed)

Code size:
52.5 KB (53,760 bytes)

Remove vms8ztra.exe - Powered by Reason Core Security