artcam_2013_with_cracks_downloads_downloader.exe

SimpleFiles Installer

New Monte Inc

The application artcam_2013_with_cracks_downloads_downloader.exe by New Monte Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer. The file has been seen being downloaded from dlr8847.simple-files.info.
Publisher:
New Monte Inc  (signed and verified)

Product:
SimpleFiles Installer

Version:
1, 0, 490, 1

MD5:
39ee43307532fa9b6a246384379a14d9

SHA-1:
794923c68c9d018fe3f7fbc30a05bb5fa4d3a536

SHA-256:
36fc1b32c726f4f6b10027752e1bba2a77701b14a8c9ded1b291c368c0c8784c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/28/2024 10:14:43 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Blisbury.NewMonte.Bundler (M)

Engine version:
16.7.8.20

File size:
3.9 MB (4,051,024 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://simple-files.com (C) 2014

Original file name:
SimpleFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\downloads\artcam_2013_with_cracks_downloads_downloader.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/2/2013 7:00:00 AM

Valid to:
12/6/2016 7:00:00 PM

Subject:
CN=New Monte Inc, O=New Monte Inc, L=Mahe, S=Seychelles, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0EF12F8AD3F2DFB7CD5C8F46FEE59C5C

File PE Metadata
Compilation timestamp:
1/22/2015 9:14:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:AoRJDC6OSf3ZxKeIC+81sArrSYVYYVYqAII+WSqUmgI7bgDm:5uIP22r1siSYVYYVYsI9HUWom

Entry address:
0x7A52E7

Entry point:
60, C7, 44, 24, 1C, E8, 04, 75, FF, 88, 2C, 24, E8, E8, 5E, D0, FF, 75, 50, 39, 1F, 1A, CA, 25, 30, 17, 80, 7C, 7F, 11, 5A, B9, 1C, C0, D3, B5, 02, A4, 17, 87, 88, FA, D1, 0C, FD, 87, E8, AD, 80, BF, 1A, 9F, 21, DC, B8, B2, 16, B1, F9, B5, 0A, BC, 1B, 4A, 6C, 29, BA, 83, 59, 70, 41, 86, 6F, C2, 5F, 76, 49, 1E, 88, E8, 4F, 76, D5, 1A, 60, 9D, 87, 32, 05, 95, A5, 9C, 09, 25, 6E, 86, 3F, 33, 14, 57, 42, 85, 42, E1, E6, 50, 33, D3, 05, 18, 57, 28, F4, 51, 2E, 8B, 10, 50, BB, 1A, 97, C3, 51, BB, 22, BB, 2E, B1...
 

Entropy:
7.9318  (probably packed)

Code size:
972 KB (995,328 bytes)

The file artcam_2013_with_cracks_downloads_downloader.exe has been seen being distributed by the following URL.