plugin_mt.exe

VisualBee

Visual Software Systems LTD

The application plugin_mt.exe by Visual Software Systems has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been observed being downloaded from network.adsmarket.com and multiple other hosts.

Publisher:
Visual Software Systems LTD  (signed and verified)

Product:
VisualBee

Version:
V26.1

MD5:
e15ae67b25f4bbe55b78b91a1e83fb59

SHA-1:
01506823a131492c34183b23ea197dbe3309f0df

SHA-256:
b8c8194dc686fffeb5412e9f126f83bd65da65a785855c204820d15fe29a03dc

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/27/2024 1:25:52 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Downware.1326 | 9.0.1.0358 |
| ESET NOD32 | Win32/DownWare | 7.9153 |
| Malwarebytes | MSIL.Solimba | v2013.12.24.12 |
| Reason Heuristics | PUP.Optional.VisualSoftwareSystems.J | 14.2.20.17 |
| Trend Micro House Call | TROJ_GEN.F47V1207 | 7.2.358 |

File size:
458.4 KB (469,368 bytes)

Product version:
V26.1

Copyright:
VisualBee.com

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\plugin_mt.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/18/2013 2:00:00 AM

Valid to:
10/18/2015 1:59:59 AM

Subject:
CN=Visual Software Systems LTD, O=Visual Software Systems LTD, L=Tel Aviv - Yafo, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4151E7647C88F6CE43FD79FAAA1350F0

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:R2cDXPtDVzyTGtK93+ErD54UU99wiMyg02sK2M:scjlp+Gk93X/5ZLLJ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file plugin_mt.exe has been seen being distributed by the following 19 URLs.

