» natata ebook compiler gold 3.3.5.exe
Overview
Analysis
File Details
Downloads (1)
Network (2)

natata ebook compiler gold 3.3.5.exe

Sergey Petrov

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions using the JustPlug.it browser framework. The application natata ebook compiler gold 3.3.5.exe, “Installer for SuperbApp” by Sergey Petrov has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.

File name:

Publisher:

SuperbApp (signed by Sergey Petrov)

Product:

SuperbApp

Description:

Installer for SuperbApp

Version:

2014.4.8.1812

MD5:

85f4474dfa4bbabaf82506a7b0d78460

SHA-1:

1bc0d2f0a6401e7bab4cb153cae658f41cc64b62

SHA-256:

03f8fcf957ef83c7d7aeb4f7131a0a28071a4d381eec73e6ce8a1da67eeb4f45

Scanner detections:

30 / 68

Status:

Adware

Explanation:

Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:

4/23/2024 7:44:51 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.OAU

5829361

Agnitum Outpost

Trojan.AntiFW

7.1.1

AhnLab V3 Security

PUP/Win32.TSULoader

2014.11.24

Avira AntiVirus

TR/AntiFW.b.86

7.11.188.92

avast!

Win32:InstalleRex-BI [PUP]

141119-1

AVG

InstallRex

2015.0.3281

Bitdefender

Adware.Agent.OAU

1.0.20.1635

Comodo Security

Application.Win32.InstalleRex.KG

20178

Dr.Web

Trojan.WebPick.29

9.0.1.05190

Emsisoft Anti-Malware

Adware.Agent.OAU

9.0.0.4570

ESET NOD32

Win32/InstalleRex.P potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/Generic.AC.4161048

11/23/2014

F-Prot

W32/InstallRex.B.gen

v6.4.7.1.166

F-Secure

Adware.Agent.OAU

11.2014-23-11_1

G Data

Adware.Agent.OAU

14.11.24

K7 AntiVirus

Trojan

13.185.14098

Kaspersky

Trojan.Win32.AntiFW

15.0.0.543

Malwarebytes

PUP.Optional.InstalleRex

v2014.11.23.11

McAfee

PUP-FHQ

5600.6937

MicroWorld eScan

Adware.Agent.OAU

15.0.0.981

NANO AntiVirus

Riskware.Win32.InfoLeak.cvgqot

0.28.6.63474

nProtect

Trojan/W32.AntiFW.323752

14.11.21.01

Panda Antivirus

PUP/TSUploader

14.11.23.11

Qihoo 360 Security

Malware.QVM20.Gen

1.0.0.1015

Quick Heal

Trojan.AntiFW.A5

11.14.14.00

Reason Heuristics

Adware.WebPick.Installer.EE

14.11.23.23

Rising Antivirus

PE:Trojan.AntiFW!6.17D6

23.00.65.141121

Sophos

InstallRex

4.98

Vba32 AntiVirus

Downware.TSU

3.12.26.3

VIPRE Antivirus

Threat.4150696

35010

File size:

316.2 KB (323,752 bytes)

Product version:

1.0.0.3

Original file name:

TSULoader.exe

File type:

Executable application (Win32 EXE)

Installer:

WebPick InstalleRex (Tarma)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\natata ebook compiler gold 3.3.5.exe

Digital Signature

Signed by:

Sergey Petrov

Authority:

COMODO CA Limited

Valid from:

8/21/2013 8:00:00 AM

Valid to:

8/22/2014 7:59:59 AM

Subject:

CN=Sergey Petrov, O=Sergey Petrov, STREET=Gaydara 13, L=Kyev, S=Kyev, PostalCode=01033, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0AD084E865D27CD546D21DB6EDF89D48

File PE Metadata

Compilation timestamp:

3/12/2013 4:51:45 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:CribUzkuvcBYC47l2xLNaFmoKZLxtHU/TMDkW01eedmQb+xn:Cr7kuveY33FJUo7MDkA6K

Entry address:

0x14DB

Entry point:

55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF... 
[+]

Entropy:

7.9520

Developed / compiled with:

Microsoft Visual C++

Code size:

7.5 KB (7,680 bytes)

The file natata ebook compiler gold 3.3.5.exe has been seen being distributed by the following URL.

http://lp.ezdownloadpro.info/.../NATATA ebook Compiler Gold 3.3.5.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to r1.stylezip.info (54.186.255.26:80)

TCP (HTTP):

Connects to c1.stylezip.info (54.186.255.26:80)

http://c1.stylezip.info/?step_id=1&installer_id=14048916&publisher_id=404&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=42146748&external_id=0&session_id=84293496&hardware_id=98342412&installer_file_name=natata+ebook+compiler+gold+3.3.5

Remove natata ebook compiler gold 3.3.5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.