» raidcall.exe
Overview
Analysis
File Details
Downloads (1)

raidcall.exe

I.T.N.T. SRL

This the Soft32 ad-supported download manager that bundles additional PUP offers. "During the download process we may show commercial offers, such as a toolbar or other browser add-ons. The download manager is in no way affiliated or endorsed by the author of this product." The application raidcall.exe by I.T.N.T. SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Soft32 Download Manager installer.

File name:

raidcall.exe

Publisher:

I.T.N.T. SRL (signed and verified)

MD5:

c3ab7a3b688f627e8e18e8a3ecc9aa7e

SHA-1:

8816b87e629cae5a670e6adeb1ef8789313fd4eb

SHA-256:

4afae0df0027777932af831b7aac6bbf5ba2e9639a3eee26764d73a9f5d35be4

Scanner detections:

1 / 68

Status:

Adware

Explanation:

The setup file is part of the Soft32.com download and install manager. It is an ad-supported installer and attempts to get the user to install various adware toolbars, browser add-ons, game applications or other potentially unwanted programs. If a sponsored software offer such as a toolbar is installed it might change the User’s home page, default search settings and 404 traffic. Note, the software installed by Soft32 is probably safe, just the installer is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/24/2024 11:24:59 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Downloader.Bundler.Soft32 (M)

15.12.24.8

File size:

667.1 KB (683,128 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Soft32 Download Manager (using Nullsoft Install System)

Common path:

C:\users\{user}\downloads\raidcall.exe

Digital Signature

Signed by:

I.T.N.T. SRL

Authority:

COMODO CA Limited

Valid from:

12/3/2014 6:00:00 PM

Valid to:

12/4/2015 5:59:59 PM

Subject:

CN=I.T.N.T. SRL, O=I.T.N.T. SRL, STREET=Str. Costache Negri Nr 9 Apartament 1, L=Sibiu, S=RO, PostalCode=550402, C=RO

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5C97D3EAAA49D29938CA0FA32520A363

File PE Metadata

Compilation timestamp:

5/11/2014 3:03:42 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:8tdclXuuHpLRStmxIQHY0c8vgTvHHltCVwSLcWN+pJu6nQ/Ue3ot30wC2f:yclXXnStcHY/8vAfHD4wSAbLQMeikwCS

Entry address:

0x30E2

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, E4, 42, 00, E8, 95, 2D, 00, 00, A3, A4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 87, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, DB, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 2D, 2A... 
[+]

Entropy:

7.9401

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file raidcall.exe has been seen being distributed by the following URL.

http://raidcall.soft32.com/get/file/.../1226784?lp=adwords&tg=us&kw=Raidcall&mt=e&ad=25330972638&pl=&ds=s&uid=1421820746cf596357fec7d6195582aff46f4b297a&_ga=1487804782.1421820747&gclid=CPTX-YK3pMMCFUE0aQodCJgApw

Remove raidcall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.