home

atubecatcher.exe

aTube Catcher

DS NET CORP SA DE CV

The application atubecatcher.exe, “aTube Catcher Setup ” by DS NET CORP SA DE CV has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from es.kioskea.net and multiple other hosts.
Publisher:
DsNET Corp   (signed by DS NET CORP SA DE CV)

Product:
aTube Catcher

Description:
aTube Catcher Setup

MD5:
f51abcdba1fb323c832c0dbc3fd1d169

SHA-1:
af8cb688b5858a4bd9cdb2c47b57542af2e8f491

SHA-256:
ee01c1da2c339b39e31be33589f6f9e0cf34a0abc2bf87be08c3f9793d8cab63

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
4/18/2024 11:14:37 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.10359

Reason Heuristics
PUP.Optional.DsNET.Atube.Installer.Meta
15.4.25.13

File size:
16 MB (16,810,336 bytes)

Product version:
3.8

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\atubecatcher.exe

Digital Signature
Signed by:
DS NET CORP SA DE CV

Authority:
VeriSign, Inc.

Valid from:
7/9/2014 9:00:00 PM

Valid to:
7/10/2015 8:59:59 PM

Subject:
CN=DS NET CORP SA DE CV, O=DS NET CORP SA DE CV, L=BENITO JUAREZ, S=DISTRITOP FEDERAL, C=MX

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
159B1F7449919B3EBF8FF194D5D7C038

File PE Metadata
Compilation timestamp:
10/13/2013 5:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:WBmw1grtply/x1u5qAxwiSU9lk5qt4s3Zo8r2a5UtF:WUwul+xuqjLwCsJyYUb

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file atubecatcher.exe has been seen being distributed by the following 8 URLs.

http://es.kioskea.net/download/.../download-1021-

http://files.dsnetwb.com/aTube_Catcher.exe

http://www.atube.me/links.php?id=brothersoft

http://atube-catcher.dsnetwb.com/links.php?id=brothersoft

http://www.techtudo.com.br/_/software/.../download

http://files.dsnetwb.com/aTubeCatcher.exe

http://get.atube.me/aTube_Catcher.exe

http://get.atube.me/aTubeCatcher.exe

Remove atubecatcher.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.