atube-catcher-381462-baixaki-32-bits.exe

The application atube-catcher-381462-baixaki-32-bits.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the InstallCore installer; however, the file is not signed with an Authenticode signature from a trusted source. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from s3.amazonaws.com and multiple other hosts.
MD5:
4402c8db627ecae6b356441261380db8

SHA-1:
2618468dad6e901c4724fbf26ce709400c5510e8

SHA-256:
d265fd6f6d3983045af248c076d585fa832cfb890af9301fbe397a9cddc2d4dc

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/9/2024 5:47:26 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | PUA/InstallCo.AB | 8.3.2.4 |
| Clam AntiVirus | Win.Adware.Installcore-427 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 23882 |
| Dr.Web | Adware.InstallCore.122 | 9.0.1.010 |
| ESET NOD32 | Win32/InstallCore.BL potentially unwanted | 10.12798 |
| Fortinet FortiGate | W32/InstallCore.BL | 1/10/2016 |
| F-Prot | W32/InstallCore.R3.gen | v6.4.7.1.166 |
| G Data | Win32.Application.InstallCore.CJ | 16.1.25 |
| IKARUS anti.virus | PUA.SoftwareBundler | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18268 |
| Malwarebytes | | v2016.01.10.05 |
| McAfee | Artemis!4402C8DB627E | 5600.6524 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dcnbbz | 1.0.14.5380 |
| Reason Heuristics | PUP.InstallCore.Bundler (M) | 16.1.10.17 |
| Rising Antivirus | PE:Malware.InstallCore!6.4 [F] | 23.00.65.16108 |
| Sophos | Generic PUA CG (PUA) | 4.98 |
| SUPERAntiSpyware | | 9394 |
| Trend Micro House Call | TROJ_SPNR.0BJA13 | 7.2.10 |
| Trend Micro | TROJ_SPNR.0BJA13 | 10.465.10 |
| Vba32 AntiVirus | | 3.12.26.4 |
| VIPRE Antivirus | InstallCore | 46134 |
| Zillya! Antivirus | Adware.InstallCore.Win32.950 | 2.0.0.2586 |

File size:
622.1 KB (637,016 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\atube-catcher-381462-baixaki-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:CpyMJfs2yLl1m6jIgjS4HSU6us2WhX33/NNWbIZWLVqNVS2eXjoorfc2M:CpyMJfspJ4T40uIV33lNWyWANVUzDrfE

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file atube-catcher-381462-baixaki-32-bits.exe has been seen being distributed by the following 2 URLs.

http://s3.amazonaws.com/dl.baixaki.com.br/programas/.../atube-catcher-381462-baixaki-32-bits.exe
