fileviewerlite133-setup.exe

Download Verified

The application fileviewerlite133-setup.exe by Download Verified has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.downloadtrunk115.com.
Publisher:
Program New System Installer  (signed by Download Verified)

Product:
Program New System Installer

Version:
60.0.5.5379

MD5:
d3d08a756c2e34b5a8e1bb8184a6411d

SHA-1:
d6c7aa0d29e163ae0f0a60cb7f43e1d53e2d8965

SHA-256:
db10a52863f1fe91a06490fa9be7dec6308544cd4466da9728dd72d7346e25cc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
6/2/2020 9:25:01 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.DownloadAdmin (M) | 17.2.25.3

File size:
759.2 KB (777,408 bytes)

Product version:
60.0.5.5379

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\fileviewerlite133-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/5/2015 5:30:00 AM

Valid to:
2/6/2016 5:29:59 AM

Subject:
CN=Download Verified, O=Download Verified, L=san francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
374F6915B9875363C2CF0BCF19A679AF

File PE Metadata
Compilation timestamp:
9/20/2014 8:16:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1EFE50

Entry point:
60, BE, 00, 60, 53, 00, 8D, BE, 00, B0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.9211

Packer / compiler:
UPX 2.90LZMA

Code size:
748 KB (765,952 bytes)

The file fileviewerlite133-setup.exe has been seen being distributed by the following URL.

http://files4.downloadtrunk115.com/download/.../dl?bc=1191997&pid=sharpened&brand=sharpened.com&country=IN&cb=-1823755587&osName=Windows&osVersion=7&browserName=IE&browserVersion=11&zTmp=1&executable=1187035
