» noteworthy composer v2.0.exe
Overview
Analysis
File Details
Downloads (1)

noteworthy composer v2.0.exe

Max Setup

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application noteworthy composer v2.0.exe by Max Setup has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.download-provider.org.

File name:

Publisher:

Max Setup (signed and verified)

MD5:

46cec0b5787967df1fa6685256b321b8

SHA-1:

af7786c701861fe208bd665e81e20388bb3781b3

SHA-256:

c4b291bab64897d6bd879a56cc55289b2813dacd8771a7163717cd24c4845c3b

Scanner detections:

24 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/26/2024 4:55:04 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.90992

6397131

Agnitum Outpost

Trojan.Kryptik

7.1.1

Avira AntiVirus

ADWARE/InstallCore.Gen7

7.11.209.228

avast!

Win32:Malware-gen

150101-1

AVG

Could be an adware MultiBundle

2014.0.4257

Bitdefender

Gen:Variant.Zusy.90992

1.0.20.215

Comodo Security

Application.Win32.Installcore.MJ

21055

Dr.Web

Trojan.Packed.24524

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zusy.90992

9.0.0.4799

ESET NOD32

Win32/Injected.F trojan

7.0.302.0

F-Prot

W32/A-ea8e687b

v6.4.7.1.166

F-Secure

Gen:Variant.Zusy.90992

5.13.68

G Data

Gen:Variant.Zusy.90992

15.2.25

IKARUS anti.virus

AdWare.CodecPerformer

t3scan.1.8.6.0

K7 AntiVirus

Unwanted-Program

13.194.14945

Malwarebytes

PUP.Optional.InstallCore.A

v2015.02.12.08

MicroWorld eScan

Gen:Variant.Zusy.90992

16.0.0.129

NANO AntiVirus

Riskware.Win32.InstallCore.dfgmcl

0.30.0.65070

Norman

Gen:Variant.Zusy.90992

02.01.2015 13:58:24

Reason Heuristics

PUP.MaxSetup

15.2.12.20

Sophos

PUA 'Install Core Click run software'

5.10

Vba32 AntiVirus

Downware.InstallCore

3.12.26.3

VIPRE Antivirus

Threat.4150696

37240

Zillya! Antivirus

Trojan.Injected.Win32.4

2.0.0.2065

File size:

633.5 KB (648,736 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Digital Signature

Signed by:

Max Setup

Authority:

COMODO CA Limited

Valid from:

3/10/2014 7:00:00 PM

Valid to:

3/11/2015 6:59:59 PM

Subject:

CN=Max Setup, O=Max Setup, STREET=Lillienblam 28, L=Tel Aviv, S=Tel Aviv, PostalCode=651307, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

008F6F1294DBB38F9F80A7A06DE489DF45

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:OEnvpiAlYhZ/tqYeH6s/HCgxNM2YwSFsDbh+C9ZyiG9JOV80ECpnuNOGKLuJuv0R:Tnv8AlY/e7/HCgxNM2JSSDlZyx9JOVBo

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file noteworthy composer v2.0.exe has been seen being distributed by the following URL.

http://www.download-provider.org/.../download-k:NoteWorthy Composer v2.0.html?server=ca

Remove noteworthy composer v2.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.