microsoft_toolkit_2_4_5_official_torrent.exe

Install Lab ltd.

The application microsoft_toolkit_2_4_5_official_torrent.exe by Install Lab ltd. has been detected as adware by 12 anti-malware scanners. It is a setup program used to install the application. During download and setup, the installer bundles multiple adware offers (selected by the user's geographical location), including toolbars, browser extensions and coupon utilities. The file has been observed being downloaded from www.torntv-tv.com and multiple other hosts.
Publisher:
Install Lab ltd.  (signed and verified)

MD5:
3a3e4f84e13ca92288b4f68532d26a5c

SHA-1:
e03f4d9ea58cf640bf4f306d3f05c69aae16f8f9

SHA-256:
c22f74427707dc94fadda998736b6152359ba684690bcd0706c15b15c41a79be

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
9/19/2018 2:46:53 AM UTC

Scan engine              Detection                             Engine version
Bkav FE                  W32.Clod180.Trojan                    1.3.0.4261
Comodo Security          Application.Win32.MCool.D             17153
Dr.Web                   Adware.Downware.1263                  9.0.1.05
Kingsoft AntiVirus       Win32.Troj.Generic.a.(kcloud)         331020.49267
Malwarebytes             PUP.Optional.OneClickDownloader.A     v2013.12.26.12
McAfee                   Artemis!0C9E227FD4E4                  5600.7259
McAfee Web Gateway       Artemis!0C9E227FD4E4                  7.7259
Reason Heuristics        PUP.InstallLabltd.i                   14.8.7.23
Sophos                   CoolMirage                            4.94
Trend Micro House Call   TROJ_GEN.F47V1015                     7.2.5
VIPRE Antivirus          CoolMirage Ltd                        22700

File size:
289.9 KB (296,816 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\microsoft_toolkit_2_4_5_official_torrent.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/13/2013 2:00:00 AM

Valid to:
10/14/2014 1:59:59 AM

Subject:
CN=Install Lab ltd., O=Install Lab ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
408CEA01026979279F7844366EFF6D80

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:tsH7KU+4MUAzeGjpUqgPpAtgf18VnNkqmXzBcytIBhQDz9N:wKU8jpUTPpAKsc9cQ+GT

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Code size:
23 KB (23,552 bytes)

The file microsoft_toolkit_2_4_5_official_torrent.exe has been seen being distributed by the following 9 URLs.

http://www.torntv-tv.com/.../DownloadSetup.exe

http://www.torntv-tv.com/.../Indiana_Jones_quadrilogia_1080p_ITA.exe

http://www.torntv-tv.com/.../Microsoft_Toolkit_2_4_5_Official_Torrent.exe
