windows_movie_maker_2014_fr_setup.exe

BERNEX APLICACIONES SL

The application windows_movie_maker_2014_fr_setup.exe by BERNEX APLICACIONES SL has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from s3-eu-west-1.amazonaws.com and multiple other hosts.
Publisher:
BERNEX APLICACIONES SL  (signed and verified)

MD5:
326004df1fc48be679a7d0d69d18f4df

SHA-1:
11a0a5f07f38013b465ac4be8307f002ae64acf9

SHA-256:
a744be7a7707ef1fe3cff2d166f4fc57f92815016950eaa921a2269b88527f76

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
11/23/2024 10:45:06 AM UTC

Scan engine         Detection                               Engine version
AVG                 Generic                                 2016.0.3229
Baidu Antivirus     Trojan.NSIS.ArchSMS                     4.0.3.15114
ESET NOD32          NSIS/Hoax.ArchSMS                       9.11008
K7 AntiVirus        JokeProgram                             13.191.14631
Malwarebytes        PUP.SmsPay                              v2015.01.14.12
McAfee              Artemis!326004DF1FC4                    5600.6885
Panda Antivirus     Generic Suspicious                      15.01.14.12
Reason Heuristics   PUP.Installer.BERNEXAPLICACIONESSL.b    15.1.14.12
Sophos              Generic PUA BB                          4.98
VIPRE Antivirus     Trojan.Win32.Generic                    36630

File size:
493.9 KB (505,800 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\windows_movie_maker_2014_fr_setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/21/2014 5:13:00 PM

Valid to:
2/21/2015 5:13:00 PM

Subject:
CN=BERNEX APLICACIONES SL, O=BERNEX APLICACIONES SL, L=BARCELONA, S=Barcelona, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0804F5E79AF7B1

File PE Metadata
Compilation timestamp:
1/5/2012 7:21:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:Ncu38Ywh3lC61AAAAAAAAA5AAAAAAAAAKIXjDbfIUPhvUW0/LUgU46ZElWS/FM:NB3r0jPIuGR/S46ZElbC

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 43, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 44, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 44, 43, 00, 56, A3, F4, 27, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 28, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 44, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Entropy:
5.7839

Code size:
33.5 KB (34,304 bytes)

The file windows_movie_maker_2014_fr_setup.exe has been seen being distributed by the following 5 URLs.

https://s3-eu-west-1.amazonaws.com/installer-premium/.../WINDOWS_MOVIE_MAKER_2014_FR_setup.exe
