groovestream.exe

iBryte

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application groovestream.exe, “Groove Stream” by iBryte, has been detected as adware by 32 of the 68 anti-malware scanners listed below. The program is a setup application that uses the Adknowledge Fusion installer. The file has been seen being downloaded from install.ibryte.com.
Publisher:
iBryte (signed and verified; see Digital Signature below)

Description:
Groove Stream

Version:
1.0.0.1

MD5:
d1e8d8ac4c40d2ff317635d757517fbd

SHA-1:
f0df58dd2bde6520a23bf4d899f5b80332c019f2

SHA-256:
0efb634de421b23d575ccfff4f30b0c5ce221d643999bb6c5fa7389abe9a0e7a

Scanner detections:
32 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/20/2024 5:00:39 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.iBryte.B | 395
Agnitum Outpost | Adware.Agent | 7.1.1
AhnLab V3 Security | Adware/Win32.IBryte | 2015.01.12
Avira AntiVirus | Adware/Groove.72465 | 7.11.30.172
avast! | Win32:Adware-ZA [PUP] | 2014.9-160106
Bitdefender | Adware.iBryte.B | 1.0.20.30
Bkav FE | HW32.Laneul | 1.3.0.4959
Clam AntiVirus | Adware.Ibryte-8 | 0.98/21511
Comodo Security | Application.Win32.AgentCV.HWYE | 20680
Dr.Web | Adware.Downware.162 | 9.0.1.06
Emsisoft Anti-Malware | (detection name not listed) | 8.16.01.06.10
ESET NOD32 | Win32/Adware.iBryte.A application | 10.7.0.302.0
Fortinet FortiGate | Riskware/IBryte | 1/6/2016
F-Prot | W32/iBryte.A | v6.4.6.5.141
F-Secure | Adware.iBryte.B | 11.2016-06-01_4
G Data | (detection name not listed) | 16.1.24
K7 AntiVirus | Unwanted-Program | 13.190.14603
Kaspersky | not-a-virus:HEUR:Adware.Win32.iBryte | 14.0.0.858
Malwarebytes | (detection name not listed) | v2016.01.06.10
MicroWorld eScan | Adware.iBryte.B | 17.0.0.18
NANO AntiVirus | Riskware.Win32.IBryte.ctmpdb | 0.30.0.64448
Norman | Adware.iBryte.B | 11.20160106
nProtect | Adware.iBryte.B | 15.01.09.01
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | PUP.Adknowledge.iBryte.Bundler (M) | 16.1.6.10
Sophos | PUA 'iBryte Installer' (of type Adware) | 59
SUPERAntiSpyware | PUP.iBryte | 9402
Trend Micro House Call | TROJ_AGENT_043141.TOMB | 7.2.6
Trend Micro | TROJ_AGENT_043141.TOMB | 10.465.06
Vba32 AntiVirus | Adware.iBryte.Downloader.11205 | 3.12.26.3
VIPRE Antivirus | Threat.4745967 | 36468
Zillya! Antivirus | Trojan.Genome.Win32.142098 | 2.0.0.2032

File size:
687.2 KB (703,664 bytes)

Product version:
1.0.0.1

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\groovestream.exe

Digital Signature
Signed by:
iBryte
Authority:
VeriSign, Inc.

Valid from:
6/16/2010 5:00:00 PM

Valid to:
6/16/2012 4:59:59 PM

Subject:
CN=iBryte, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iBryte, L=New Castle County, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B2B3E2D634718E9BD4D41725481BAF3

File PE Metadata
Compilation timestamp:
10/6/2011 8:24:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:zDUUsHeliPHSvj49ZqxXqId7JYZRCCkIAWppYwS6rXt1cn1a17h81pBiR8A5peRF:3JiPHZqxXqINJYLUIAopYw5An1a1cMyf

Entry address:
0x61EBA

Entry point:
E8, 23, EB, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 8B, 4D, 08, 53, 8B, 5D, 0C, 56, 57, 33, FF, 89, 4D, F8, 89, 5D, FC, 39, 7D, 10, 74, 21, 39, 7D, 14, 74, 1C, 3B, CF, 75, 1F, E8, 13, 09, 00, 00, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, 57, E8, 5E, D4, FF, FF, 83, C4, 14, 33, C0, 5F, 5E, 5B, C9, C3, 8B, 75, 18, 3B, F7, 74, 0D, 83, C8, FF, 33, D2, F7, 75, 10, 39, 45, 14, 76, 21, 83, FB, FF, 74, 0B, 53, 57, 51, E8, A5, C9, FF, FF, 83, C4, 0C, 3B, F7, 74, B9, 83, C8, FF, 33, D2, F7, 75, 10...

Entropy:
6.3823

Code size:
511.5 KB (523,776 bytes)
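The hashes, entropy and PE header fields listed on this page are the first things an analyst recomputes on a suspect sample before trusting a database entry. The Python script below is an added example, not code from this page or from Reason Core Security: it hashes a file, computes its Shannon entropy and parses the PE header fields reported above (compile timestamp, entry point, linker version, OS version, subsystem, code size) using only the standard library, then compares the SHA-256 with the indicator listed above. The `build_sample_pe()` helper constructs a minimal PE32 header that carries the header values reported on this page (the compile timestamp is assumed to be UTC) so the script runs offline; it is not groovestream.exe, and its hashes will not match the listed indicators.

```python
"""Added example (not from the original page or from Reason Core Security):
offline triage of a suspected bundler binary against the indicators above.
The sample bytes built in build_sample_pe() are constructed for demonstration
and are NOT groovestream.exe."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the page above.
IOC = {
    "md5": "d1e8d8ac4c40d2ff317635d757517fbd",
    "sha1": "f0df58dd2bde6520a23bf4d899f5b80332c019f2",
    "sha256": "0efb634de421b23d575ccfff4f30b0c5ce221d643999bb6c5fa7389abe9a0e7a",
    "size": 703664,
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0); packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the PE32/PE32+ header fields this page reports. Raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER follows the signature
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    # Offsets 40, 42 and 68 are the same for PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "entry_point": f"0x{entry:X}",
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
    }


def triage(data: bytes) -> dict:
    """Hash, size, entropy, PE fields and a yes/no match against the listed SHA-256."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    report = {**digests, "size": len(data), "entropy": round(shannon_entropy(data), 4)}
    report["matches_listed_sample"] = digests["sha256"] == IOC["sha256"]
    try:
        report["pe"] = parse_pe_header(data)
    except ValueError as exc:
        report["pe"] = {"error": str(exc)}
    return report


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header carrying the page's reported values. Not a real binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF: i386, 1 section, timestamp 2011-10-06 08:24:24 (assumed UTC), no symbols,
    # optional header size 224, characteristics EXECUTABLE_IMAGE | 32BIT_MACHINE.
    ts = int(datetime(2011, 10, 6, 8, 24, 24, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 523776)  # PE32 magic, linker 9.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x61EBA)                # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                  # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                      # Subsystem: Windows GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

For a real file, call `triage(open(path, "rb").read())` and compare every digest and the size with the values listed above, not just one of them. Entropy near 8.0 points to a packed or encrypted payload; a mid-range value such as the 6.38 reported above is consistent with ordinary compiled code mixed with compressed data rather than a fully packed file.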

The file groovestream.exe has been seen being distributed from install.ibryte.com.

Remove groovestream.exe - Powered by Reason Core Security