home

{blocked}.exe

SimpleFiles Installer

New Monte Inc

The application {blocked}.exe by New Monte Inc has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the SimpleFiles installer. The file has been seen being downloaded from dlr8847.simple-files.info.
Publisher:
New Monte Inc  (signed and verified)

Product:
SimpleFiles Installer

Version:
1, 0, 466, 1

MD5:
af95f0689e6389df346bcb0cdaf00ea6

SHA-1:
d8e8bacb66edaaa5ec3dfe93edfb14b7ca59a2fc

SHA-256:
0138f38f275aa965d387e70e48456f5571c62f4b7cab3524134e59d8a5845745

Scanner detections:
7 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 6:20:04 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen4
7.11.198.40

AVG
Generic
2015.0.3248

Dr.Web
Adware.Downware.9447
9.0.1.05190

ESET NOD32
Win32/ExpressDownloader.K potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Installer.NewMonte.j
14.12.26.21

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.141224

VIPRE Antivirus
Threat.4783941
35418

File size:
3.7 MB (3,844,584 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://simple-files.com (C) 2014

Original file name:
SimpleFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\downloads\jab-comix-my-hot-ass-neighbour_downloader.exe

Digital Signature
Signed by:
New Monte Inc

Authority:
DigiCert Inc

Valid from:
12/1/2013 4:00:00 PM

Valid to:
12/6/2016 4:00:00 AM

Subject:
CN=New Monte Inc, O=New Monte Inc, L=Mahe, S=Seychelles, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0EF12F8AD3F2DFB7CD5C8F46FEE59C5C

File PE Metadata
Compilation timestamp:
12/16/2014 7:58:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:cXFl9S5MBAq6w8qge/6KbZiYHRmFIDJA4:cf0g6PqD6gsx4

Entry address:
0x75753C

Entry point:
E8, 44, 34, FE, FF, F5, F5, 01, C2, 9C, 8D, 64, 24, 04, E9, 88, 84, CB, FF, 2A, E2, 5A, 47, E9, 7B, 1D, AB, AA, 52, CE, 86, 73, E6, 28, 5A, 12, 6B, 71, 18, A5, 7A, 5E, 1C, 40, 6D, 80, 4B, 71, C4, B8, 59, F3, C6, 66, CF, 7E, AD, 71, 90, D8, 2A, 91, 9D, 95, 8D, DF, 75, 13, 18, 13, A9, 33, 9E, 5D, 21, D8, 17, 21, 63, 6E, 3E, 69, 3F, 73, 10, 17, 5D, E0, 25, 0C, 37, AE, CA, 8F, FC, 4C, 85, D3, 48, 70, 9D, 10, E4, 83, BC, 81, ED, 59, 47, 42, 94, 14, 0F, A4, 86, CE, 02, 85, 01, 41, 90, 2E, C3, D0, 11, A2, D3, 5B...
 
[+]

Entropy:
7.9259  (probably packed)

Code size:
971 KB (994,304 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

http://dlr8847.simple-files.info/j5GPdkCdinRL/ZUSR H8C0Ho AZBk/QFU42aB1iHtAE4uJZqE TYYhDg3mse4dcQW76cAw/RyVsC0chaHJhgAUqCYAUdmW1GddJ5DSued oto2H ImUks3BnceY5YxyieHhB5D14RugSKVn3D3lV0AB5QYkRT1SNAkBO8BlHNN0KXjyKxXJvyeNVIeDpVDig5WM7qK9wf7/.../8epiGn4aRInqLxaOftzzW97dEqz6GPa5T7yWqJ7O5KiqGEEtTS2EWSmYwbypr5FYqRsg==

Remove {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.