home

bcf5399a553a53dcfc20539ac2ddf681.exe

ADLSoft

The application bcf5399a553a53dcfc20539ac2ddf681.exe by ADLSoft has been detected as adware by 10 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.techtudo.com.br and multiple other hosts.
Publisher:
ADLSoft  (signed and verified)

MD5:
bcf5399a553a53dcfc20539ac2ddf681

SHA-1:
90427d5199b56ec25cf37432dd01ba5db6577688

SHA-256:
e932d4406d30ebdaf1fb135d147ddc281affad894355dade18e1ec9ba33a4bab

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallCore download and install manager which may bundle various potentially unwanted software offers during setup.

Analysis date:
4/27/2024 2:24:26 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2014.02.06

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.129.216

Dr.Web
Adware.InstallCore.80
9.0.1.0102

ESET NOD32
Win32/InstallCore.AZ (variant)
8.9388

F-Prot
W32/InstallCore.W.gen
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.175.11086

McAfee
Artemis!BCF5399A553A
5600.7162

Reason Heuristics
PUP.ADLSoft.a
14.8.8.3

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14410

Sophos
Install Core ADLSoft
4.97

File size:
1.4 MB (1,443,968 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\bcf5399a553a53dcfc20539ac2ddf681.exe

Digital Signature
Signed by:
ADLSoft

Authority:
Thawte, Inc.

Valid from:
6/20/2012 8:00:00 PM

Valid to:
7/25/2014 7:59:59 PM

Subject:
CN=ADLSoft, O=ADLSoft, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C7950C7BFF384C5ABB93DD694E588E8

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Ll3UpT2+xLumKtsQELP5d0zdKUg7RUaD7cA5zc+ldK2eYx9QSc7OP:oT2+xLumKtsQELAzdKWAg0zTlk2l9yY

Entry address:
0xD5D70

Entry point:
55, 8B, EC, 83, C4, F0, B8, 84, 77, 41, 00, E8, 2C, D6, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.0554

Developed / compiled with:
Microsoft Visual C++

Code size:
866 KB (886,784 bytes)

The file bcf5399a553a53dcfc20539ac2ddf681.exe has been seen being distributed by the following 3 URLs.

http://www.techtudo.com.br/_/software/.../download

http://s3.amazonaws.com/Adlsoft/.../ADLSoft_UnCompressor_v2_3.exe

http://adlsoft.net/products/free/releases/.../uncomp.php

Remove bcf5399a553a53dcfc20539ac2ddf681.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.