home

chief_architect_premiere_x5_(x86-x64).exe

The application chief_architect_premiere_x5_(x86-x64).exe has been detected as a potentially unwanted program by 26 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. While running, it connects to the Internet address ptr-216-8-179-25.ptr.nextdimensioninc.com on port 80 using the HTTP protocol.
MD5:
7becd300919f30e25137fccee1488675

SHA-1:
ffca0590ae901a3cfcea6dbabb505a680996dac2

SHA-256:
274d9bc89eadcb80e229899ae179169243c8f2354d4480ddf1441033e71862ff

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 6:59:43 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.1221491
5732618

AhnLab V3 Security
Adware/Win32.Toolbar
2015.06.20

Avira AntiVirus
PUA/Montiera.osld
8.3.1.6

avast!
NSIS:InstMonetizer-AE [PUP]
2014.9-150620

AVG
OpenCandy
2016.0.3073

Clam AntiVirus
Win.Adware.Delbar
0.98/18355

Comodo Security
Application.Win32.Babylon.TK
18102

Dr.Web
Adware.Downware.1540
9.0.1.0171

ESET NOD32
Win32/Toolbar.Montiera.I potentially unwanted application
7.0.302.0

F-Prot
W32/OpenCandy.A2.gen
v6.4.7.1.166

F-Secure
Adware.Agent.PCK
11.2015-20-06_7

G Data
Win32.Adware.OpenCandy
15.6.25

herdProtect (fuzzy)
variant of a_nightmare_on_elm_street_(1984)_dvdrip_eng_xvid_ac3_mkv_[bigjaz.exe
2015.8.6.15

IKARUS anti.virus
PUA.Downloader
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.205.16308

Kaspersky
not-a-virus:AdWare.Win32.DelBar
14.0.0.1859

Malwarebytes
PUP.Optional.OpenCandy
v2015.06.20.06

McAfee
PUP-FDM!A331676C62D6
5600.6729

MicroWorld eScan
Adware.Agent.PCK
16.0.0.513

NANO AntiVirus
Riskware.Win32.OpenCandy.dqxwfk
0.30.24.2086

nProtect
Trojan-Clicker/W32.DelBar.7050104
15.06.19.01

Rising Antivirus
NSIS:PUF.HiddenInstaller!1.9C64
23.00.65.15618

Trend Micro House Call
TROJ_SPNV.03KI13
7.2.171

Trend Micro
TROJ_SPNV.03KI13
10.465.20

Vba32 AntiVirus
AdWare.DelBar
3.12.26.4

VIPRE Antivirus
Ividi
28214

File size:
6.7 MB (7,050,104 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\chief_architect_premiere_x5_(x86-x64).exe

File PE Metadata
Compilation timestamp:
2/24/2012 3:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:E2XHJBVFtP4/DvRpWHm6TuZ8tIDkxDpDXJ:EmJFWfyTuZ8mIxh

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Entropy:
7.9937

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ptr-216-8-179-25.ptr.nextdimensioninc.com  (216.8.179.25:80)

Remove chief_architect_premiere_x5_(x86-x64).exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.