block_youtube_adssetup_v1.0.1.4270.exe

PC-Gizmos LTD

The application block_youtube_adssetup_v1.0.1.4270.exe by PC-Gizmos has been detected as a potentially unwanted program by 11 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from software-files-a.cnet.com.
Publisher:
PC-Gizmos LTD  (signed and verified)

MD5:
7c954519118ae388a10bddf857208896

SHA-1:
f8ed2a0294f8bc1a82563c1f82e575e821379b3c

SHA-256:
50a92cddc962f77d625607ae4213f59d0fef44edee2ecbc298cd489ef343576d

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 10:42:23 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bitdefender | Adware.Generic.500505 | 1.0.20.625 |
| Dr.Web | Adware.InstallCore.75 | 9.0.1.0125 |
| Emsisoft Anti-Malware | Adware.Generic.500505 | 8.14.05.05.12 |
| ESET NOD32 | Win32/InstallCore.BA (variant) | 8.8432 |
| F-Prot | W32/InstallCore.N.gen | v6.4.7.1.166 |
| F-Secure | Adware.Generic.500505 | 11.2014-05-05_2 |
| G Data | Adware.Generic.500505 | 14.5.22 |
| K7 AntiVirus | Unwanted-Program | 13.170.8831 |
| MicroWorld eScan | Adware.Generic.500505 | 15.0.0.375 |
| Reason Heuristics | PUP.Installer.PCGizmos.FF | 14.5.5.12 |
| Trend Micro House Call | TROJ_GEN.F47V1210 | 7.2.125 |

File size:
1 MB (1,097,792 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\block_youtube_adssetup_v1.0.1.4270.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/16/2012 7:00:00 PM

Valid to:
5/17/2013 6:59:59 PM

Subject:
CN=PC-Gizmos LTD, OU=Web, O=PC-Gizmos LTD, STREET=1 Azrieli Center, STREET=19 floor, STREET=C/O BAS Law, L=Tel Aviv, S=Israel, PostalCode=67021, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008ED22FA36113DA901306BF9F7C731477

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:KM5Z+JOvFy8G7g0YIZ3G8ph3hpuRrY40HmfSz6IEMzc9IN/Jyi35ht8DCY/wMZP:KMMwy8GE0Y/8pLpulU1z6TQcIN/ttYLP

Entry address:
0xCD440

Entry point:
55, 8B, EC, 83, C4, F0, B8, B8, A4, 41, 00, E8, BE, CE, FF, FF, 0C, 83, 7B, 0C, 00, 75, 44, 8B, C3, E8, 35, FF, FF, FF, EB, 3B, 8B, 0A, 8B, 72, 04, 03, CE, 8B, F8, 03, 7B, 0C, 3B, CF, 75, 05, 29, 73, 0C, EB, 26, 8B, 0A, 03, 4A, 04, 89, 0C, 24, 2B, F9, 89, 7C, 24, 04, 8B, 12, 2B, D0, 89, 53, 0C, 8B, D4, 8B, C3, E8, D0, FE, FF, FF, 84, C0, 75, 04, 33, C0, EB, 0C, B0, 01, EB, 08, 8B, 1B, 3B, FB, 75, 85, 33, C0, 59, 5A, 5D, 5F, 5E, 5B, C3, 90, 53, 56, 57, 8B, DA, 8B, F0, 81, FE, 00, 00, 10, 00, 7D, 07, BE, 00...

Entropy:
6.8638

Developed / compiled with:
Microsoft Visual C++

Code size:
837.5 KB (857,600 bytes)

The file block_youtube_adssetup_v1.0.1.4270.exe has been seen distributed from the following URL.

http://software-files-a.cnet.com/s/software/12/88/18/.../Block_Youtube_AdsSetup_v1.0.1.4270.exe
