angrysmileyssetup_ch.exe

Internet Trend Technology S.A

The application angrysmileyssetup_ch.exe by Internet Trend Technology S.A has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile. The file has been seen being downloaded from www.angrysmileys.com.
Publisher:
Internet Trend Technology S.A  (signed and verified)

MD5:
b7b983f71cf8fcca9c644adcb7b6b7a4

SHA-1:
3cd27a4748ce2b6f0172fb0724dd67cab9c57243

SHA-256:
3494df805a4d35eb643d7f9e76fd44b21ad0a82c4898cc0fd167ec0c742fc77f

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/25/2024 7:55:34 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.18.169 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150127 |
| AVG | RelevantKnowledge | 2016.0.3216 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.135 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.027 |
| Emsisoft Anti-Malware | Trojan.Win32.Gabba!IK | 8.15.01.27.12 |
| F-Secure | Adware.Relevant.BH | 11.2015-27-01_3 |
| G Data | Adware.Relevant.BH | 15.1.22 |
| IKARUS anti.virus | Trojan.Win32.Gabba | t3scan.1.1.109.0 |
| Panda Antivirus | Suspicious file | 15.01.27.12 |
| Reason Heuristics | PUP.Installer.InternetTrendTechnologySA | 15.2.14.11 |

File size:
676.8 KB (692,992 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\angrysmileyssetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/5/2011 8:00:00 PM

Valid to:
5/5/2012 7:59:59 PM

Subject:
CN=Internet Trend Technology S.A, O=Internet Trend Technology S.A, L=Panama City, S=Panama city, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A3BF08C2B589E51F093CF8D5375B480

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:tm5SQ7mLFtY6nM1817Osum6oFCMtVIoRttcKJkqja3+H0fe4tdS4uVicBi:tm5+LF33um6ocUj/kQ82+degei

Entry address:
0x323C


Entropy:
7.9651

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file angrysmileyssetup_ch.exe has been seen being distributed by the following URL.
