installer_bowhunting_free_and_hunting_com_323841_wallpaper.exe

Descarga Segura LLC

The application installer_bowhunting_free_and_hunting_com_323841_wallpaper.exe by Descarga Segura has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. During installation, it also installs bundled potentially unwanted software on the user's computer without adequate consent. The file has been seen being downloaded from www.wallsave.com.

Publisher:
Descarga Segura LLC  (signed and verified)

MD5:
d986f47c707ec2fcaef9e67d42d972e8

SHA-1:
21999dd53c6ee9cd5785b4dc7d0a252eff4d54e5

SHA-256:
d575a1c1923a79e6dda81aaab16adbb6d05d072a3f8a0466ec73e45de235d467

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
5/7/2024 5:28:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/Descarga.A | 7.11.157.120 |
| avast! | Toolbar-O [Adw] | 140617-1 |
| AVG | Skodna.Bundle.d71 | 2015.0.3430 |
| Comodo Security | ApplicUnwnt.Win32.Lollipop.C | 18695 |
| Dr.Web | Adware.Downware.1058 | 9.0.1.05190 |
| Malwarebytes | PUP.BundleInstaller.DES | v2014.06.28.03 |
| Microsoft Security Essentials | Threat.Undefined | 1.177.1053.0 |
| NANO AntiVirus | Riskware.Win32.Downware.cxpocl | 0.28.0.60475 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.DescargaSegura.GG | 14.6.28.3 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14C5B8A8!348502184 | 23.00.65.14626 |
| Sophos | Descarga Segura | 4.98 |
| SUPERAntiSpyware | Adware.Lollipop/Variant | 10517 |
| VIPRE Antivirus | Threat.4782551 | 29708 |

File size:
377.6 KB (386,680 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\installer_bowhunting_free_and_hunting_com_323841_wallpaper.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/16/2012 4:10:02 PM

Valid to:
3/30/2013 5:26:34 PM

Subject:
CN=Descarga Segura LLC, O=Descarga Segura LLC, L=Wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B7BB975505926

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Te34QK3SYir0EfLtmoBGPBYARqlXcs2qBRTyThNeqwiR37CK/yM:mzfR3BeqAeXcs2qBly9Neq/R+Uf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8364

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_bowhunting_free_and_hunting_com_323841_wallpaper.exe has been seen being distributed by the following URL.