opera_mini_pc_8_11046_gc.exe

The application opera_mini_pc_8_11046_gc.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from electroecs.com.
MD5:
84b5428f3f5cfb0306bd9d2daf9c9ed0

SHA-1:
51d76f03c6f88a7391ad4cac5624e0a561c2e6d9

SHA-256:
a18fe4b31be028588bb25ef80d59c2ca8ea20f7568b1773bdb5b9741cee74515

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/19/2024 12:52:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Adware Generic_c.DGP | 2015.0.4545 |
| ESET NOD32 | Win32/InstallMonetizer.BB potentially unwanted application | 8.0.319.0 |
| Kaspersky | not-a-virus:AdWare.NSIS.InstallMonetizer | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.680.0 |

File size:
412.4 KB (422,295 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\documents and settings\administrador.user\meus documentos\downloads\opera_mini_pc_8_11046_gc.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:zFJ0Hn5GIYCp5ZadigRp/9EXCBYZd/Lk8op85yHcuDZExiirt5q2pd5A8Wwu:m5p5EdVplMCB4Rk1pgyH30trbJd5A8e

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file opera_mini_pc_8_11046_gc.exe has been seen being distributed by the following URL.
