baixaki_adobe-reader.exe

Wizard

No Zebra Network Ltda.

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application baixaki_adobe-reader.exe, “Wizard Setup” by No Zebra Network, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users expect to download Adobe's free Reader, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fast (signed by No Zebra Network Ltda.)

Product:
Wizard

Description:
Wizard Setup

Version:
5.5.1.1

MD5:
74acd345bf3a85d7c6c3f1a33622b636

SHA-1:
28f22d5922f6979ccefc95e43abed15627f55701

SHA-256:
022d922e5d633055258d71f8d22c93b6b48414fba3415ef914efe0da3abc0d09

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
2/26/2020 5:32:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.16.12

File size:
1.7 MB (1,795,056 bytes)

Product version:
5.7.9

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\baixaki_adobe-reader.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/23/2016 2:41:34 PM

Valid to:
8/24/2017 2:41:34 PM

Subject:
CN=No Zebra Network Ltda., O=No Zebra Network Ltda., L=Curitiba, S=Parana, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
13A5F901A29DB8B1C2402465

File PE Metadata
Compilation timestamp:
10/9/2012 5:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file baixaki_adobe-reader.exe has been seen being distributed by the following URL.

http://www.bitsgrabclean.com/xwt4eqEBF1UnRDqbJnJCj98jzvQhXfFnv_IsQGayGE_eO9eFPSzPm4 lqFny1Xu9yP5QJMai20J0F2_wobORibHtBO5ZwW_zZloUtzxRHmQ4By17hGuIbww40VbD2hP5o8kgi9lcdnpgTU9r2P1Y6QSekCsPywCU0DFZsCQcJB4Q2S3gB4VakcxBEC8Abwemt4TYbW9U1eZqRB YHNslGRIkj8MTntGdRNhELZX1OwixsY8bcQKm4dJpmVkpVDNgu_msT2pI8I7yEIKMREEZ5oZofhif_Zh04J1lgVMZB6RxxnvlDzUQ8F9Q169gth0FNV3bpVH36AEhfnYqfp yAqh3ZdU15b2jlYr yA16nQZhxUtxcCWB9DNxYPMh0LRFNP84wvovWK4rn yFEsjB9nJxofmOGDOFievdR1wv_yXlzA4T0yPh9tTvwEIsVFpuy4H_7NE FWoDSSlX0P86oCNIachJYm9T9qjozXtI 78gz9sjBvRaV0vLErlTrdrKk8TxHHzw8pUiZhaebTqe7dZ8JOfQXw==-GyYAAMSuRrEtktHiWwXKzXUhpcwikMTAkxqXBT9rVgYRS_z4kbGiXwM=