mymusictubesetup_ch.exe

NCIS Technologies Limited

The application mymusictubesetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
04292ad313c3cf78c29ee047d7aeeff9

SHA-1:
1aeb8feb94c07f638041bbb16192d1e247f1a0d2

SHA-256:
e3111809e77595363e0c6fbd3084e506df43aa685411f418b2bedc010e178e9a

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:48:08 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.95.158 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140525 |
| AVG | RelevantKnowledge | 2015.0.3463 |
| Bitdefender | Adware.Relevant.BH | 1.0.20.725 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 16723 |
| Dr.Web | Adware.Relevant.81 | 9.0.1.0145 |
| Emsisoft Anti-Malware | Adware.Relevant.BH | 8.14.05.25.06 |
| ESET NOD32 | Win32/Adware.MarketScore | 8.8659 |
| F-Secure | Adware.Relevant.BH | 11.2014-25-05_1 |
| G Data | Adware.Relevant.BH | 14.5.22 |
| Malwarebytes | Adware.RKN | v2014.05.25.06 |
| MicroWorld eScan | Adware.Relevant.BH | 15.0.0.435 |
| Trend Micro House Call | TROJ_GEN.RCBH1AK | 7.2.145 |
| VIPRE Antivirus | Adware.Win32.RelevantKnowledge.a | 20234 |

File size:
430.3 KB (440,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mymusictubesetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/15/2011 12:00:00 AM

Valid to:
12/14/2012 11:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:TF1IYwrFpphXlrj0eFrggMlwcdr0zAqw:TF1IYwRhXNxNObdzqw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9182

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
