» 1_offer_6.exe
Overview
Analysis
File Details

1_offer_6.exe

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application 1_offer_6.exe by Motoko Group has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

1_offer_6.exe

Publisher:

Motoko Group (signed and verified)

Description:

Vljhvej

Version:

11.10.0.14

MD5:

76dd632b03a4c0720def789596399170

SHA-1:

cafffb746184153457b64e28e22556c512a3258f

SHA-256:

5e707a61205cd9f7f8daa82159433e9cda9af74a317ff0b15f74840538d23141

Scanner detections:

4 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:

4/18/2024 8:43:16 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3400

IKARUS anti.virus

not-a-virus:WebToolbar.CrossRider

t3scan.1.6.1.0

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.3493

Reason Heuristics

PUP.MotokoGroup.J

14.7.28.8

File size:

7.8 MB (8,134,416 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\1_offer_6.exe

Digital Signature

Signed by:

Motoko Group

Authority:

COMODO CA Limited

Valid from:

7/17/2014 9:00:00 PM

Valid to:

7/18/2015 8:59:59 PM

Subject:

CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata

Compilation timestamp:

12/4/2012 10:54:55 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

196608:1D0sCh8hyV6eaUT4WjKIbqWgy1C99FvNIXkN10gooBjZNs:Sph88MqcgngT+ru1vs

Entry address:

0x4105

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 30, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 8C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7... 
[+]

Code size:

34 KB (34,816 bytes)

Remove 1_offer_6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.