137252b03b0978e485e680e677141f51c00af500

Onekit Internet S,L

The file 137252b03b0978e485e680e677141f51c00af500 by Onekit Internet S,L has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the OneKit Downloader installer. It is installed within the Mozilla Firefox web browser as part of an addin/plugin.
Publisher:
Onekit Internet S,L  (signed and verified)

MD5:
83c2d36c7be14c3ca27499385749077c

SHA-1:
5fea97a78c820bd29d799acb175a1ebce00cfc0e

SHA-256:
6fe5cc7f200da90c37d4bddebc96433793b97c6f1c6a2a749716dd66be58cd67

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 11:12:15 PM UTC

Scan engine        Detection                                         Engine version
Dr.Web             Trojan.Vittalia.140                               9.0.1.05190
Reason Heuristics  PUP.OnekitInternet.OnekitInternetSL.Bundler (M)   16.2.13.0
Sophos             PUA 'Lollipop' (of type Adware)                   5.23
VIPRE Antivirus    Threat.4786531                                    46938

File size:
2.4 MB (2,510,527 bytes)

Bundler/Installer:
OneKit Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\137252b03b0978e485e680e677141f51c00af500

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/15/2013 5:25:37 PM

Valid to:
5/18/2016 11:11:52 AM

Subject:
E=info@onekit.com, CN="Onekit Internet S,L", O="Onekit Internet S,L", L=Cerdanyola Del Valles, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216C6B688869B7980323D94C3965BBB528

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:P56x8/bH3NI/gsi30X/DY7bb2G0UgZ/jSJ3wllyQiEyklA+4grrINdS:P88/rKgsykYDv0Ue+w5i5klA+PQNdS

Entry address:
0x3883

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)
