audacity-portable-203-gerenciador-32-bits.exe

WorldSetup

The application audacity-portable-203-gerenciador-32-bits.exe by WorldSetup has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the InstallCore download manager, which may bundle additional software offers, including ad-supported toolbars, browser extensions and utilities. The file has been seen being downloaded from esd.superdownloads.com.br.

Publisher:
WorldSetup  (signed and verified)

MD5:
155315218bfbc55fa1af75217a84df56

SHA-1:
d6ccd37987880cd83947f4056549f023977708db

SHA-256:
de42a72c95ea5df5958cf03126d5032db45847fd2389e861f588f0d928f0ddbb

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 5:54:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.92913 | 680 |
| Avira AntiVirus | | 7.11.136.30 |
| AVG | MalSign.Generic | 2016.0.3158 |
| Bitdefender | Gen:Variant.Zusy.92913 | 1.0.20.430 |
| Comodo Security | Application.Win32.Installcore.BB | 17910 |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.086 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.92913 | 8.15.03.27.09 |
| ESET NOD32 | Win32/InstallCore.IO (variant) | 9.9518 |
| Fortinet FortiGate | Riskware/InstallCore_JE | 3/27/2015 |
| F-Prot | W32/A-d2b7439f | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Zusy.92913 | 11.2015-27-03_6 |
| G Data | Win32.Application.InstallCore | 15.3.24 |
| IKARUS anti.virus | PUA.OSAppBundler | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.176.11378 |
| McAfee | Artemis!24CECEDBEBBC | 5600.6814 |
| MicroWorld eScan | Gen:Variant.Zusy.92913 | 16.0.0.258 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dcnbfi | 0.28.2.62286 |
| Norman | InstallCore.WCDD | 11.20150327 |
| nProtect | Trojan/W32.Agent.677824.B | 14.09.26.01 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Bundler.ironSource | 15.3.27.9 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15325 |
| Sophos | Install Core | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zusy | 9972 |
| Trend Micro House Call | TROJ_GEN.F47V0201 | 7.2.86 |
| Vba32 AntiVirus | | 3.12.24.3 |
| VIPRE Antivirus | Adware.Win32.InstallCore.ba | 27228 |
| Zillya! Antivirus | Trojan.Injected.Win32.2 | 2.0.0.1935 |

File size:
661.9 KB (677,824 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\audacity-portable-203-gerenciador-32-bits.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/2/2014 10:00:00 PM

Valid to:
1/3/2015 9:59:59 PM

Subject:
CN=WorldSetup, O=WorldSetup, STREET=Lilienblum 28 St., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6EEF11096F7B5CDC42244636F32F2208

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:uvp8lJO8VAvmRwtSTwL0Ja1RfgYWjrmcT0rNmcgIxnVgWFkATozhn:uvwO8RRwt85QTsUNm1IxV7FIhn

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.7873

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file audacity-portable-203-gerenciador-32-bits.exe has been seen being distributed by the following URL.