home

imagine dragons - radioactive.exe

Moshe Caspi

This program bundles adware during the download and install process using the InstaleRex pay-per-install app monetizer. The application imagine dragons - radioactive.exe, “Installer for SoftSafe” by Moshe Caspi has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.
Publisher:
SoftSafe  (signed by Moshe Caspi)

Product:
SoftSafe

Description:
Installer for SoftSafe

Version:
2013.3.24.1715

MD5:
6b77a0e59f1afe206b591e8ed26856ce

SHA-1:
21f60f063166b23ad5c42488d908ea1afa282693

SHA-256:
e0980bbc0f4763f7792ee4d57ad7fb8804a6c013ebda258f33c15ead4ceec323

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/25/2024 12:28:05 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.StartPage
2014.11.03

Avira AntiVirus
ADWARE/InstallRex.Gen
7.11.182.198

avast!
Win32:Downloader-UZF [PUP]
141025-0

AVG
Adware AdInstaller.P
2014.0.4189

Bkav FE
W32.FamVT.AntiFWK.Trojan
1.3.0.6185

Comodo Security
Application.Win32.Agent.V
19974

Dr.Web
Adware.Downware.1166
9.0.1.05190

ESET NOD32
Win32/InstalleRex.I potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/InstalleRex
11/2/2014

F-Prot
W32/AdInstall.D.gen
4.6.5.141

G Data
Win32.Application.InstalleRex
14.11.24

K7 AntiVirus
Riskware
13.185.13866

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.InstalleRex
v2014.11.02.02

NANO AntiVirus
Riskware.Win32.Agent.crfikt
0.28.6.62995

nProtect
Backdoor/W32.Agent.289768
14.10.31.01

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Quick Heal
Trojan.AntiFW.B5
11.14.14.00

Reason Heuristics
Adware.WebPick.Installer.DD
14.11.2.14

Rising Antivirus
PE:Malware.Agent!6.191
23.00.65.141031

Sophos
InstallRex
4.98

SUPERAntiSpyware
Adware.InstalleRex/Variant
10262

Vba32 AntiVirus
Downware.TSU
3.12.26.3

VIPRE Antivirus
Threat.14871
34232

Zillya! Antivirus
Adware.InstallCloud.Win32.1
2.0.0.1974

File size:
283 KB (289,768 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2012 SoftSafe

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\imagine dragons - radioactive.exe

Digital Signature
Signed by:
Moshe Caspi

Authority:
COMODO CA Limited

Valid from:
8/1/2012 8:00:00 PM

Valid to:
8/2/2013 7:59:59 PM

Subject:
CN=Moshe Caspi, O=Moshe Caspi, STREET=Hashuk 39, L=Tel Aviv, S=Israel, PostalCode=66067, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B1B859272556EC39AF8F0E4A626C2ADC

File PE Metadata
Compilation timestamp:
3/12/2013 4:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:+rkb9uEo2S1YnQmCX492DkwNP3qpYF6mYj4IEvKavM2xx0J30F/KTHJ4yWEIs:+rkRu6/eIo4eVIEvFM2KkZKTphb

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 
[+]

Entropy:
7.9515

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file imagine dragons - radioactive.exe has been seen being distributed by the following URL.

http://www.storebox1.info/v691/?product_name=Imagine Dragons - Radioactive.mp3&filesize=2891KB&product_title=Audio Downloader&installer_file_name=Imagine Dragons - Radioactive&product_file_name=v691.mp3&product_download_url=http://www.video2mp3.net/load/YouTube/eu-xFvLaE68/.../&uuid=

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

TCP (HTTP):
Connects to c1.stylezip.info  (54.186.255.26:80)

 
http://c1.stylezip.info/?step_id=1&installer_id=12876276&publisher_id=287&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=38628828&external_id=0&session_id=77257656&hardware_id=90133932&installer_file_name=imagine+dragons+-+radioactive

Remove imagine dragons - radioactive.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.