offspring_s01e12-e13_repack_ws_pdtv_xvid-fqm.exe

Terra Firma Internet Consulting LTD

The application offspring_s01e12-e13_repack_ws_pdtv_xvid-fqm.exe by Terra Firma Internet Consulting has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.oneclickdownload.co.
Publisher:
Terra Firma Internet Consulting LTD  (signed and verified)

MD5:
30a564f14cfb58bc3cf2bc5efdca099a

SHA-1:
192270fa063bdf2e2d226dbc7c7219cdab989022

SHA-256:
63462bdcdd005ba704b7e97f02205081ff45e3e7496732ed84563d67f63a9133

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/26/2024 9:25:05 AM UTC

Scan engine               Detection                                        Engine version
Avira AntiVirus           ADWARE/Adware.Gen6                               7.11.217.78
avast!                    Downloader-UHI [PUP]                             150129-1
AVG                       Adware AdInstaller.OneClickDownload              2014.0.4257
Dr.Web                    Threat.Undefined                                 9.0.1.05190
ESET NOD32                Win32/Adware.1ClickDownload.G application        7.0.302.0
herdProtect (fuzzy)                                                        2015.6.21.3
K7 AntiVirus              Adware                                           13.200.15263
NANO AntiVirus            Riskware.Nsis.Downware.czyjkl                    0.30.0.296
Reason Heuristics         PUP.Installer.TerraFirmaInternetConsulting       15.3.15.3
Sophos                    PUA '1 Click Downloader' (of type Adware)        5.12
SUPERAntiSpyware          Adware.OneClickDownload                          9997
Trend Micro House Call    HV_1CLICKDOWNLOAD_CG0929BF.RDXN                  7.2.74
VIPRE Antivirus           Threat.4784938                                   38050

File size:
286.5 KB (293,384 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\offspring_s01e12-e13_repack_ws_pdtv_xvid-fqm.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2012 10:00:00 AM

Valid to:
5/15/2013 9:59:59 AM

Subject:
CN=Terra Firma Internet Consulting LTD, O=Terra Firma Internet Consulting LTD, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A1E86793244EC30F46537E0AE0F0FB3

File PE Metadata
Compilation timestamp:
12/6/2009 8:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:HQqo1rnyvcjtq1ucJQPM1ZoNbiti0eSkMQ2/ndpAiti0:i1ryEpFcOUzj4Jx2/dd

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.8883

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file offspring_s01e12-e13_repack_ws_pdtv_xvid-fqm.exe has been seen being distributed by the following URL.