» 1_offer_50.exe
Overview
Analysis
File Details
Downloads (1)

1_offer_50.exe

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 1_offer_50.exe by Naruto Source has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.infostatsserv.com. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

1_offer_50.exe

Publisher:

Naruto Source (signed and verified)

Description:

Tbbkglwrv

Version:

8.0.9.1

MD5:

a9c4d9acbf5bc33b226575b969414a60

SHA-1:

3657556f077592f813ef48a8ec987463f671e15e

SHA-256:

5d4fd8a7edb3c36dff2c0e20234f17851b4968a9a72d796e9d8ac05fd8f2363c

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 12:28:08 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.NarutoSource.K

14.8.29.2

File size:

9 MB (9,398,960 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\1_offer_50.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/28/2014 12:00:00 AM

Valid to:

7/28/2015 11:59:59 PM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

12/4/2012 1:54:38 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

196608:JawtWgLRcdKgyLAUoFGIjUyS791X/RRtBdjwLImcs:JJYgudKjMUWhE1XpR3djw4s

Entry address:

0x4101

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, B3, 7C, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, B4, 7C, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, B4, 7C, 00, 56, A3, 6C, 23, 7C, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, C8, 23, 7C, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, B4, 7C, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7... 
[+]

Code size:

32.5 KB (33,280 bytes)

The file 1_offer_50.exe has been seen being distributed by the following URL.

http://dl.infostatsserv.com/outil/fuully/.../setup.exe

Remove 1_offer_50.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.