» insa48c.tmp.exe
Overview
Analysis
File Details

insa48c.tmp.exe

Actually Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application insa48c.tmp.exe by Actually Apps has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

File name:

insa48c.tmp.exe

Publisher:

Actually Apps (signed and verified)

MD5:

afa223cbfae333484337369eed29fb72

SHA-1:

6e60696674a7fa02a5ff6ea40012e90e6ac9b168

SHA-256:

b29d9b636b679ad6364143753871e103872358853d45e2e08a3fff5baeb0da70

Scanner detections:

7 / 68

Status:

Adware

Analysis date:

4/25/2024 9:13:43 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Actuallyapps

2015.0.3313

Clam AntiVirus

Win.Trojan.Agent-785758

0.98/21411

ESET NOD32

Win32/AdWare.SmartApps

8.10604

Malwarebytes

PUP.Optional.ActuallyApps.A

v2014.10.22.04

Reason Heuristics

PUP.ActuallyApps.K

14.10.22.16

VIPRE Antivirus

Threat.4750557

33706

Zillya! Antivirus

Dropper.Agent.Win32.171818

2.0.0.1964

File size:

1.8 MB (1,899,944 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\insa48c.tmp.exe

Digital Signature

Signed by:

Actually Apps

Authority:

Thawte, Inc.

Valid from:

4/30/2014 1:00:00 AM

Valid to:

5/1/2015 12:59:59 AM

Subject:

CN=Actually Apps, O=Actually Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

76114195147F3D93DF9D38DD306DA63A

File PE Metadata

Compilation timestamp:

8/12/2014 12:06:24 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:2elJemVgokLyXW73im019kvTgjNX/VKshMezyyg1fbHtyy5r8HdbB2l4Bb/AJ6nk:F6Ka3GNPVUeAnyyUFjBbIt056

Entry address:

0x3375

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, FC, 42, 00, E8, 28, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, FB, 42, 00, 8D, 44, 24, 38, 50, 53, 68, DB, 73, 40, 00, FF, 15, 58, 71, 40, 00, 68, D0, 73, 40, 00, 68, C0, F3, 42, 00, E8, 07, 24, 00, 00, FF, 15, AC, 70, 40, 00, 50, BF, 00, 50, 43, 00, 57, E8, F5, 23, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove insa48c.tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.