film_melissa_p_15_ans_downloader.exe

SimpleFiles Installer

New Monte Inc

The application film_melissa_p_15_ans_downloader.exe by New Monte Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SimpleFiles installer. The file has been seen being downloaded from dlr8847.simple-files.info.
Publisher:
New Monte Inc  (signed and verified)

Product:
SimpleFiles Installer

Version:
1, 0, 511, 1

MD5:
8f1a03bba555e23c92272267e0610d20

SHA-1:
acc7b4795be10db8feb0e3a20f8ab85673142c65

SHA-256:
f5243b932cdfec78ecd5a3f13987c15e38c83878fb4a7a035fe2e6f91705ec95

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/8/2024 3:03:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Blisbury (M)

Engine version:
17.3.14.9

File size:
4 MB (4,169,248 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://simple-files.com (C) 2014

Original file name:
SimpleFilesInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SimpleFiles

Language:
English

Common path:
C:\users\{user}\downloads\film_melissa_p_15_ans_downloader.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/1/2013 7:00:00 PM

Valid to:
12/6/2016 7:00:00 AM

Subject:
CN=New Monte Inc, O=New Monte Inc, L=Mahe, S=Seychelles, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0EF12F8AD3F2DFB7CD5C8F46FEE59C5C

File PE Metadata
Compilation timestamp:
1/23/2015 5:58:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x46A0AD

Code size:
972 KB (995,328 bytes)

The file film_melissa_p_15_ans_downloader.exe has been seen being distributed by the following URL.

http://dlr8847.simple-files.info/j5GDXm7dlnZj2KRMedmOE1GN4BhTrqptYrfgfi7602Es 9VhF/aaLkS9iWIb6MFXH nBQUKBix9YgY8wU4w8QBiYdxYklmAYGYB0Dy/FIqUtkHzkOT0orSJgbtAyZ1LnY3hN8gN0WvUDYAP8BXUX1wpvasQdVVffBF0A7DsOM9YfQBrU7lkq0NlaIoK6HiWn/WM8t692beWndWzhonBP4q97Q6LDDwG61TxQvptgSdLNZEXf01Ec24MFS9zcDbDEiFixxvpEu8nwTLTZvxmsQIZa WDv5fctteXpMve5h2Os48FigeT2coKpnCrM6tBNiqGEFsGSjQ2Cmd8Jkc24DprN8lRjiatZNYH7Bj/c5iY/.../9Y3OLyKJVbt22oT498=