home

blubster_4.0.4.exe

Max Setup

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application blubster_4.0.4.exe by Max Setup has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dld.oinst02.eu.
Publisher:
Max Setup  (signed and verified)

MD5:
973b6b9d520f3597f71ec16ec141b535

SHA-1:
c1bf65de6505fe3b5b607a25b2f30b5f0481bb1e

SHA-256:
02a560184baa253c3a04f3a9633063a17f2fcded94d7050a59b43226fbd0cccc

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 4:48:49 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.150.164

avast!
Win32:Adware-gen [Adw]
2014.9-140915

AVG
InstallCore
2015.0.3351

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.14915

Comodo Security
ApplicUnwnt
19494

Dr.Web
Trojan.Packed.24524
9.0.1.0258

ESET NOD32
Win32/InstallCore.BY potentially unwanted application
8.7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
9/15/2014

F-Prot
W32/A-f87039a3
v6.4.7.1.166

G Data
Win32.Application.InstallCore
14.9.24

herdProtect (fuzzy)
variant of 20140518131556.452.exe (Adware)
2014.11.13.9

IKARUS anti.virus
Backdoor.Win32.Hupigon
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.177.12128

Malwarebytes
PUP.Optional.InstallCore
v2014.09.15.02

McAfee
Artemis!973B6B9D520F
5600.7007

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Reason Heuristics
PUP.MaxSetup.M
14.9.15.2

Sophos
Install Core Click run software
4.98

Trend Micro House Call
Suspicious_GEN.F47V0724
7.2.258

Vba32 AntiVirus
Downware.InstallCore
3.12.26.0

VIPRE Antivirus
Threat.4788237
29396

File size:
688.1 KB (704,576 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\blubster_4.0.4.exe

Digital Signature
Signed by:
Max Setup

Authority:
COMODO CA Limited

Valid from:
3/11/2014 1:00:00 AM

Valid to:
3/12/2015 12:59:59 AM

Subject:
CN=Max Setup, O=Max Setup, STREET=Lillienblam 28, L=Tel Aviv, S=Tel Aviv, PostalCode=651307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008F6F1294DBB38F9F80A7A06DE489DF45

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WnvpS1w3sPVESMn/QLPNPjQ6XlsZwOcmxwaxIxVdWYRJJJkXu19TDbJ:WnvUq3sdW/qjQ6X5OlwaxInddLkunPb

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8586

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file blubster_4.0.4.exe has been seen being distributed by the following URL.

http://dld.oinst02.eu/.../Blubster_4.0.4.exe

Remove blubster_4.0.4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.