highlightly.exe

Highlightly

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application highlightly.exe, “Highlightly Setup” by Highlightly, has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3emsmln8xfj03.cloudfront.net and multiple other hosts.
Publisher:
Highlightly  (signed and verified)

Product:
Highlightly

Description:
Highlightly Setup

Version:
1.9.0.0

MD5:
1049f0dace8c7219f87b109e3c81fcf6

SHA-1:
c0385a50ee3a742f6bad6644195c217e6b52ebea

SHA-256:
daf53db6f6b19b825f428e38e4abd4f65e324bf9e552b38e2dc3ccce20c206c3

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
4/24/2024 5:19:22 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.NXU | 1058 |
| Bitdefender | Adware.Agent.NXU | 1.0.20.365 |
| Dr.Web | Adware.Plugin.101 | 9.0.1.0361 |
| Emsisoft Anti-Malware | Adware.Agent.NXU | 8.14.03.14.12 |
| F-Secure | Adware.Agent.NXU | 11.2014-14-03_6 |
| G Data | Adware.Agent.NXU | 14.3.24 |
| IKARUS anti.virus | AdWare.Agent | t3scan.2.2.29 |
| MicroWorld eScan | Adware.Agent.NXU | 15.0.0.219 |
| nProtect | Adware.Agent.NYA | 14.03.13.01 |
| Reason Heuristics | PUP.Installer.Highlightly.L | 14.3.14.0 |

File size:
1.1 MB (1,175,728 bytes)

Product version:
1.9.0.0

Copyright:
(c) 2013 Highlightly

Original file name:
highlightly-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\highlightly.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/3/2013 3:25:40 PM

Valid to:
6/4/2014 3:25:40 PM

Subject:
E=support@gethighlightly.com, CN=Highlightly, OU=Highlightly, O=Highlightly, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121971480A12BD051AA09DCE9072375C4F7

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:YVwO9tuXrIHKAH2Ch3HppGMVnDrCqalPntKj5tyD:gZtuXrIJHhhlDmqalPnmC

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.8666

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file highlightly.exe has been seen being distributed by the following 5 URLs.
