mainpackfull12.exe

The application mainpackfull12.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from cmp.oneclickdownloaer.com.
MD5: 702e0127818a0b22896d1ab6c11f4194

SHA-1: 3d715bdbd55546f95c3ce01b2625b78f038ee3de

SHA-256: 9a323343a2158f0188a5f927df6ce2eea509ce8401624562e7072f73c75eeb0d

Scanner detections: 10 / 68

Status: Potentially unwanted

Analysis date: 5/26/2024 5:45:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.D | 238 |
| Arcabit | Application.Bundler.D | 1.0.0.642 |
| avast! | Win32:Oneclickdown-A [PUP] | 2014.9-160611 |
| AVG | AdInstaller.OneClickDownload | 2017.0.2716 |
| Bitdefender | Application.Bundler.D | 1.0.20.815 |
| Dr.Web | Trojan.AVKill.18440 | 9.0.1.0163 |
| F-Secure | Application.Bundler.D | 11.2016-11-06_7 |
| G Data | Application.Bundler | 16.6.25 |
| McAfee | Artemis!702E0127818A | 5600.6372 |
| MicroWorld eScan | Application.Bundler.D | 17.0.0.489 |

File size: 846.8 KB (867,143 bytes)

File type: Executable application (Win32 EXE)

Installer: NSIS (Nullsoft Scriptable Install System)

Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mainpackfull12.exe

File PE Metadata
Compilation timestamp: 12/5/2009 2:50:41 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 24576:GKxOBmRvrFY1j/qMTICgPokT0APxXU0TkPTPb:HcmhrFY1rqAIDPG5ukPTPb

Entry address: 0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy: 7.9904

Packer / compiler: Nullsoft install system v2.x

Code size: 22.5 KB (23,040 bytes)

The file mainpackfull12.exe has been seen being distributed by the following URL.
