gtaivpatch.exe

GTA IV Patch

NSIS

The application gtaivpatch.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from global-shared-files-lw.softonic.com and multiple other hosts.
Publisher:
NSIS

Product:
GTA IV Patch

Version:
2.2

MD5:
9f1259a5935e4813cf5595af47e996a7

SHA-1:
800381d403ff9978411f7c73c421f247aea690b2

SHA-256:
d245c522f9a3507ce3b27ca040b5e8aa0777de179cf44f9cddf72ba158938860

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
10/24/2017 7:02:46 AM UTC

Scan engine | Detection | Engine version
avast! | NSIS:InstMonetizer-CA [PUP] | 2014.9-160321
ESET NOD32 | Win32/InstallMonetizer.AN potentially unwanted | 10.13208
McAfee Web Gateway | BehavesLike.Win32.Tool.fc | 7.6454
Microsoft Security Essentials | SoftwareBundler:Win32/Stallmonitz | 1.1.12505.0
Qihoo 360 Security | HEUR/QVM42.0.0000.Malware.Gen | 1.0.0.1120
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4

File size:
1020.8 KB (1,045,283 bytes)

Product version:
2

Copyright:
NSIS

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gtaivpatch.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:CIEdQIlaFKUAaCREVwSgmz/nspQs5u1PxBw/BRw3laFKUAaCB:CIkrL9RCSo1PzwpRiL9B

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file gtaivpatch.exe has been seen being distributed by the following 7 URLs.

http://global-shared-files-lw.softonic.com/800/381/.../GTAIVPatch.exe

https://mega.nz/temporary/.../4JoABI4a

http://gta4patch.uploadtobox.com/GTAIVPatch.exe
