aiviewerfree_setup.exe

RSPARK LIMITED LIABILITY COMPANY

The application aiviewerfree_setup.exe by RSPARK LIMITED LIABILITY COMPANY has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from www.freepicturesolutions.com.

Publisher:
RSPARK LIMITED LIABILITY COMPANY  (signed and verified)

MD5:
b42ed2adde6b4155022c238edb1d524f

SHA-1:
2e201617062b88ccbb26c3ce8dd9359acdc0464a

SHA-256:
fbc266044b0cf7c64a4a2574eb0b596fc02965f116bd8d60ad3ddf2c309cf3a7

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
8/17/2018 7:56:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Application.Bundler.Outbrowse.AJ | 6423343 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.20 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.211.168 |
| avast! | PUP-gen [PUP] | 150203-1 |
| AVG | Downloader | 2016.0.3193 |
| Bitdefender | Dropped:Application.Bundler.Outbrowse.AJ | 1.0.20.255 |
| Comodo Security | Application.Win32.AltBrowse.HY | 21145 |
| Dr.Web | Trojan.Packed.28592 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Application.Bundler.Outbrowse.AJ | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 2/20/2015 |
| F-Secure | Riskware.Dropped:Application.Bundler.Outbrowse | 5.13.68 |
| G Data | Dropped:Application.Bundler.Outbrowse.AJ | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.197.15029 |
| K7 Gateway Antivirus | Unwanted-Program | 13.197.15027 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.02.20.04 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| McAfee Web Gateway | Adware-OutBrowse.e | 7.6849 |
| MicroWorld eScan | Dropped:Application.Bundler.Outbrowse.AJ | 16.0.0.153 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dmxjlz | 0.30.0.126 |
| Reason Heuristics | PUP.Installer.RSPARKLIMITEDLIABILITYCOMPANY | 15.2.20.4 |
| Sophos | Generic PUA CC | 4.98 |
| Trend Micro House Call | Suspici.1AC582C8 | 7.2.51 |
| VIPRE Antivirus | Threat.4150696 | 36694 |

File size:
575 KB (588,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\aiviewerfree_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/20/2014 6:42:44 PM

Valid to:
8/21/2015 6:42:44 PM

Subject:
E=billing@rspark.com, CN=RSPARK LIMITED LIABILITY COMPANY, O=RSPARK LIMITED LIABILITY COMPANY, L=Seattle, S=Washington, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214776E87F6F533491BA6962DED798AED3

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vyFMBD+WZTRVhEZzJNnrbPoaVO6XlIgbYgOBWtgGdHf6Q:vyFMpJ2DoaVO6JbwCfJf/

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9714

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file aiviewerfree_setup.exe has been seen being distributed by the following URL.
