» mymusictubesetup_ff.exe
Overview
Analysis
File Details

mymusictubesetup_ff.exe

NCIS Technologies Limited

The application mymusictubesetup_ff.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

Publisher:

NCIS Technologies Limited (signed and verified)

MD5:

ec1010a1171d657ce11417fc0f3590f7

SHA-1:

38ccbf159dd06f0db56807b53752276ea8c16fde

SHA-256:

9966fdc32560402d7d15fb278c224a419d2d81e3625dc3b1a055d9528301c0d7

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 12:41:31 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Adware.MarketScore

7.1.1

Avira AntiVirus

ADSPY/NaviPromo.J

7.11.80.30

avast!

Win32:PUP-gen [PUP]

2014.9-140603

AVG

RelevantKnowledge

2015.0.3455

Bitdefender

Adware.Relevant.BH

1.0.20.770

Comodo Security

ApplicUnwnt.Win32.AdWare.RK.~E

16325

Dr.Web

Adware.Relevant.81

9.0.1.0154

Emsisoft Anti-Malware

Adware.Relevant.BH

8.14.06.03.07

ESET NOD32

Win32/Adware.MarketScore

8.8376

Fortinet FortiGate

Adware/Marketscore

6/3/2014

F-Secure

Adware.Relevant.BH

11.2014-03-06_3

G Data

Adware.Relevant.BH

14.6.22

Malwarebytes

Adware.RKN

v2014.06.03.07

MicroWorld eScan

Adware.Relevant.BH

15.0.0.462

nProtect

Adware.Relevant.BH

13.05.25.02

Quick Heal

AdWare.Agent.no (Not a Virus)

6.14.12.00

Trend Micro House Call

TROJ_GEN.RCBC8JK

7.2.154

Trend Micro

TROJ_GEN.RCBC8JK

10.465.03

VIPRE Antivirus

InfoAtoms

18132

File size:

455.6 KB (466,536 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\mymusictubesetup_ff.exe

Digital Signature

Signed by:

NCIS Technologies Limited

Authority:

Thawte, Inc.

Valid from:

12/15/2011 1:00:00 AM

Valid to:

12/15/2012 12:59:59 AM

Subject:

CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

085CF6F3312A433B1D49A8C12B31A107

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:lFIqwNlrj0eFrggMlwcdr0zAWpfqZGD6hOUiww:lFLwNNxNObdzsqZGOOhww

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove mymusictubesetup_ff.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.