filme.exe

Gerenciador de Download

BR SOFTWARE LLC

The application filme.exe by BR SOFTWARE has been detected as adware by 25 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.protetor.info and multiple other hosts.
Publisher:
ASSISTENTE DE DOWNLOAD  (signed by BR SOFTWARE LLC)

Product:
Gerenciador de Download

Version:
1.0.0

MD5:
1c1a63200115400bf28601790626c846

SHA-1:
990db22f6e63056000b61dd08a2447db9cc85588

SHA-256:
fc5cbc19ba918c81b2c799b8d68bc050d872f046d51e6d2328076c0ff6be0c4f

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
5/18/2024 9:30:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.Generic | 7.1.1 |
| Avira AntiVirus | Adware/PCMega.2.17 | 7.11.108.198 |
| avast! | Win32:Downloader-RQC [PUP] | 2014.9-131225 |
| AVG | AdInstaller.G | 2014.0.3618 |
| Baidu Antivirus | AdWare.Win32.PCMega | 4.0.3.131225 |
| Bitdefender | Gen:Variant.Adware.PCMega.2 | 1.0.20.1795 |
| Comodo Security | UnclassifiedMalware | 17137 |
| Dr.Web | Adware.Downware.376 | 9.0.1.0356 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.PCMega | 8.13.12.22.05 |
| ESET NOD32 | Win32/Adware.PCMega | 7.8944 |
| Fortinet FortiGate | Adware/PCMega | 12/25/2013 |
| F-Prot | W32/Adware.AKQE | v6.4.7.1.166 |
| G Data | Gen:Variant.Adware.PCMega | 13.12.22 |
| herdProtect (fuzzy) | | 2013.12.25.13 |
| IKARUS anti.virus | Win32.Downloader.RDW | t3scan.2.0.127 |
| K7 AntiVirus | Adware | 13.173.9916 |
| Malwarebytes | Adware.Bundler | v2013.12.25.01 |
| MicroWorld eScan | Gen:Variant.Adware.PCMega.2 | 14.0.0.1077 |
| Panda Antivirus | Trj/Downloader.VPT | 13.12.25.01 |
| Reason Heuristics | PUP.BRSOFTWARE.F | 14.3.29.10 |
| SUPERAntiSpyware | Trojan.Agent/Gen-ZAccess | 10886 |
| Trend Micro House Call | TROJ_GEN.RCBB1AV | 7.2.356 |
| Trend Micro | JOKE_ARCHSMS | 10.465.22 |
| VIPRE Antivirus | Trojan.Win32.Adware | 22594 |
| ViRobot | Backdoor.Win32.A.ZAccess.394869[UPX] | 2011.4.7.4223 |
File size:
383 KB (392,152 bytes)

Product version:
1.0.0

Copyright:
© ASSISTENTE DE DOWNLOAD

Original file name:
acelerador.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\filme.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
4/17/2012 7:18:35 PM

Valid to:
4/17/2013 4:03:06 PM

Subject:
CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, L=Lewes, S=DE, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B201CE7EB9204

File PE Metadata
Compilation timestamp:
5/6/2009 2:23:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:ffxjxvjpe238JMJRMVkvkcyc65DECBe2UQB343iTYOGQKnO+xHgtibOsH:ffnbsJiRQf9VnBe2U8ISUZQB+xHKibXH

Entry address:
0xFC6C0

Entry point:
60, BE, 00, 40, 4A, 00, 8D, BE, 00, D0, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
356 KB (364,544 bytes)

The file filme.exe has been seen being distributed by the following 2 URLs.

http://www.protetor.info/download/alot/.../filme.exe

http://www.publicidade.me/download/ads/.../filme.exe
