» flv2pcinstaller.exe
Overview
Analysis
File Details
Downloads (1)

flv2pcinstaller.exe

Nextup

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application flv2pcinstaller.exe by Nextup has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from i.greatappsfree.com.

File name:

flv2pcinstaller.exe

Publisher:

Nextup (signed and verified)

Version:

1.0.0.5

MD5:

aa3d2b501fae67b3e42a64924f3778ac

SHA-1:

74db7b292703489b89b336bda9e6085b3e1c8e3c

SHA-256:

c2ee8e5f8d1f0b71d77337d11106bc0e7f626b30b1b1a3ca20001f861089ba40

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 8:09:32 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Adknowledge.Nextup.Bundler (M)

16.2.13.8

File size:

594.5 KB (608,800 bytes)

Product version:

1.0.0.5

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\flv2pcinstaller.exe

Digital Signature

Signed by:

Nextup

Authority:

COMODO CA Limited

Valid from:

5/22/2014 2:00:00 AM

Valid to:

5/23/2015 1:59:59 AM

Subject:

CN=Nextup, O=Nextup, STREET=10900 NE 8TH ST, STREET=STE 1000, L=Bellevue, S=WA, PostalCode=98004, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C705E6F899AC0C37A4458683DB2745BB

File PE Metadata

Compilation timestamp:

6/2/2014 11:38:23 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:R2+SkudwTvelQUvoCSo5EbrQtKg0Th2X7XKsHOn8eonqxq+t:+kuAeQUvNSoS0C4X9Qf4qxq0

Entry address:

0x22565

Entry point:

E8, A6, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, D8, EC, 47, 00, E8, 65, 2C, 00, 00, 6A, 0E, E8, E6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 54, 7F, 48, 00, BA, 50, 7F, 48, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, AD, B4, FF, FF, 59, FF, 76, 04, E8, A4, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 54, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, B2, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B... 
[+]

Code size:

398.5 KB (408,064 bytes)

The file flv2pcinstaller.exe has been seen being distributed by the following URL.

http://i.greatappsfree.com/stub/NEXTUP/.../Flv2PCInstaller.exe

Remove flv2pcinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.