fundamentals of ceramic powder processing and synthesis pdf.exe

SoftApp

Artur Kozak

The installer, which is distributed via file-sharing sites such as TusFiles, uses a 'download manager' that wraps the original file in an adware-filled bundle. The application fundamentals of ceramic powder processing and synthesis pdf.exe, “Installer for SoftApp” by Artur Kozak, has been detected as adware by 30 anti-malware scanners. The program is a setup application built on the WebPick InstalleRex (Tarma) installer. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
SetApp (signed by Artur Kozak)

Product:
SoftApp

Description:
Installer for SoftApp

Version:
2014.1.29.1621

MD5:
8226697eb83414ebfde755a658c3c23b

SHA-1:
db58396f066d2f31d7ad00bcaf763a46286a77c7

SHA-256:
7530751dc4a1b02b73745023cf33870c987df55abdfde46f193bdf3491e8f768

Scanner detections:
30 / 68

Status:
Adware

Explanation:
This bundler uses the InstalleRex from WebPick Internet Holdings to install add-ons such as web browser extensions, coupon plugins (WebSave) and toolbars, distributed via the tusfiles.net download site.

Analysis date:
4/25/2024 11:58:01 PM UTC

Scan engine           Detection                                             Engine version
Lavasoft Ad-Aware     Trojan.Generic.11228699                               936
AhnLab V3 Security    PUP/Win32.TSULoader                                   2014.07.14
Avira AntiVirus       Adware/Adload.ger                                     7.11.160.132
avast!                Win32:InstalleRex-AH [PUP]                            140617-1
AVG                   Generic                                               2015.0.3414
Bitdefender           Trojan.Generic.11228699                               1.0.20.970
Bkav FE               HW32.CDB                                              1.3.0.4959
Clam AntiVirus        Win.Trojan.Installerex-53                             0.98/19168
Comodo Security       Application.Win32.InstalleRex.KG                      18849
Dr.Web                Adware.Downware.1541                                  9.0.1.05190
Emsisoft Anti-Malware Trojan.Generic.11228699                               8.14.07.13.12
ESET NOD32            Win32/InstalleRex.M potentially unwanted application  7.0.302.0
Fortinet FortiGate    Riskware/InstalleRex                                  7/13/2014
G Data                Trojan.Generic.11228699                               14.7.24
IKARUS anti.virus     PUP.InstallRex                                        t3scan.1.6.1.0
K7 AntiVirus          Unwanted-Program                                      13.180.12701
Kaspersky             Trojan.Win32.AntiFW                                   15.0.0.494
Malwarebytes          PUP.Optional.Tarma                                    v2014.07.13.12
MicroWorld eScan      Trojan.Generic.11228699                               15.0.0.582
NANO AntiVirus        Riskware.Win32.Downware.ctkpgp                        0.28.0.60698
nProtect              Trojan.Generic.11228699                               14.07.13.01
Panda Antivirus       PUP/TSUploader                                        14.07.13.12
Qihoo 360 Security    Malware.QVM20.Gen                                     1.0.0.1015
Quick Heal            Trojan.AntiFW.A5                                      7.14.14.00
Reason Heuristics     Adware.WebPick.Installer.FF                           14.8.8.0
Rising Antivirus      PE:Malware.Adload!6.13C0                              23.00.65.14711
Sophos                InstallRex                                            4.98
Vba32 AntiVirus       Downware.TSU                                          3.12.26.3
VIPRE Antivirus       Threat.4753027                                        31208
Zillya! Antivirus     Trojan.AntiFW.Win32.50                                2.0.0.1857

File size:
313.8 KB (321,304 bytes)

Product version:
1.0.0.2

Copyright:
Copyright © 2014 SetApp

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fundamentals of ceramic powder processing and synthesis pdf.exe

Digital Signature
Signed by:
Artur Kozak

Authority:
COMODO CA Limited

Valid from:
8/22/2013 4:30:00 AM

Valid to:
8/23/2014 4:29:59 AM

Subject:
CN=Artur Kozak, O=Artur Kozak, STREET=Parkovaya 19, L=Kyiv, S=Kyiv, PostalCode=04078, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E03731FB48F020DDF5953B6498B83BC6

File PE Metadata
Compilation timestamp:
3/12/2013 12:21:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:VrK9uEo2S1YnQmCX492DkwNP3qpYFtcM7dZssr+Ixf6LuDTKD2ay9KGYG0Lx:Vryu6/eIo4vMResyEf0uP9d9UG0x

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...

Entropy:
7.9529

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file fundamentals of ceramic powder processing and synthesis pdf.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to r1.getapplicationmy.info (54.201.215.30:80)

TCP (HTTP):
Connects to c1.getapplicationmy.info (54.201.215.30:80)

http://c1.getapplicationmy.info/?step_id=1&installer_id=7736194&publisher_id=715&source_id=0&page_id=0&affiliate_id=0&country_code=ES&locale=EN&browser_id=2&download_id=8336199&external_id=7766284