installer_ndrive_for_android_english.exe

Free Software LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_ndrive_for_android_english.exe by Free Software has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from domseo.com.edgesuite.net and multiple other hosts.
Publisher:
Free Software LLC  (signed and verified)

MD5:
033fa7068e2f1251b0c01a1dce86f462

SHA-1:
d2993c80b06ab686df90a1ef637d026e0075b7fa

SHA-256:
8eda5218c5a553f9d15a2ca699604efb1984e02155ceaeda753d8ca78ab77533

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 10:55:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | Adware/InstaCore.onb | 7.11.170.222 |
| AVG | Adware BundleApp_r.Z | 2014.0.4015 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 19420 |
| Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.Vittalia | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Optional.Vittalia | v2014.09.04.03 |
| McAfee | CryptVittalia | 5600.7017 |
| Norman | Vittalia.AXXN | 11.20140904 |
| Reason Heuristics | PUP.FreeSoftware.e | 14.9.4.14 |
| VIPRE Antivirus | Threat.4782551 | 32210 |
| Zillya! Antivirus | Trojan.Black.Win32.17248 | 2.0.0.1911 |

File size:
5.2 MB (5,501,928 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 12:08:01 PM

Valid to:
7/22/2015 1:23:49 PM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
7/8/2014 11:25:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:ws70+W/JzA9vqzT9guuhZxqkMrxSnIqHQaWjJd6nniSvi+WQ5QSjJR6rZb5DXGd:w0kG

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
192.5 KB (197,120 bytes)

The file installer_ndrive_for_android_english.exe has been seen being distributed by the following 2 URLs.
