cnet_ultimatevicecity2_exe.exe

CNET Download.com Installer

CBS Interactive, Inc.

The application cnet_ultimatevicecity2_exe.exe by CBS Interactive has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from software-files-arl.cnet.com and multiple other hosts.
Publisher:
CBS Interactive (signed by CBS Interactive, Inc.)

Product:
CNET Download.com Installer

Version:
1.2.3.0

MD5:
c84e000fed68e8688249a1874d97d33a

SHA-1:
42305a968e35c520f9d0d0159857ee76e476dc59

SHA-256:
73f393ff9de839a2bde65e91336883905e0a5821ffefea45be8d30998a828825

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 7:17:13 PM UTC

Scan engine               Detection                       Engine version
Agnitum Outpost           Adtool.InstallCore.Gen.2        7.1.1
Comodo Security           Heur.Suspicious                 17740
Dr.Web                    Adware.InstallCore.2            9.0.1.0132
ESET NOD32                Win32/InstallCore (variant)     8.9389
F-Prot                    W32/InstallCore.I.gen           v6.4.7.1.166
G Data                    Win32.Trojan.Agent.AM83Y7       14.5.24
Reason Heuristics         Bundler.PPI.CBSInteractive.X    14.8.1.0
Rising Antivirus          PE:PUF.InstallCore!1.9DE1       23.00.65.14510
SUPERAntiSpyware          PUP.CNETInstaller               10609
Trend Micro House Call    TROJ_GEN.F47V1218               7.2.132
Vba32 AntiVirus           WebToolbar.InstallCore          3.12.24.3

File size:
443.5 KB (454,120 bytes)

Product version:
1.2.3.0

Copyright:
CBS Interactive

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
Language Neutral

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/9/2011 2:00:00 AM

Valid to:
7/12/2013 2:00:00 PM

Subject:
CN="CBS Interactive, Inc.", O="CBS Interactive, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0203D2F5E7ABE93E2FC72BD3381C32C0

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:OA+SBz0oAt5c/572jwhhwVgS0YYljRKSVAQSeTrJQOcsPWWqXMsZ1RdHnW++PgqS:JBzKc/5721VghlVP1TlQEW5XvzjJqed

Entry address:
0xFE560

Entry point:
60, BE, 00, 00, 4A, 00, 8D, BE, 00, 10, F6, FF, C7, 87, 10, B7, 0B, 00, 7E, 0B, 1C, 4D, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
380 KB (389,120 bytes)

The file cnet_ultimatevicecity2_exe.exe has been seen being distributed by the following 2 URLs.
