real_desktop_pool_game_click_to_safe_install__________________mg_9933_gc.exe

Secure Download

The application real_desktop_pool_game_click_to_safe_install__________________mg_9933_gc.exe by Secure Download has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Secure Download  (signed and verified)

MD5:
222f832f62ae2c1995159612e0876fa5

SHA-1:
2cb921ccc87fa3a05116af226b352bbde8480c9a

SHA-256:
49e305d3974d2cb9c8308c18be59720bae69dc289fc104ab3eb28e6f5de6bb54

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/18/2024 3:20:48 PM UTC  (today)

Scan engine             Detection                                                   Engine version
Agnitum Outpost         Riskware.Agent                                              7.1.1
Avira AntiVirus         APPL/Downloader.Gen                                         7.11.194.194
avast!                  PUP-gen [PUP]                                               141130-1
AVG                     Could be an adware AdInstaller                              2014.0.4235
Dr.Web                  Threat.Undefined                                            9.0.1.05190
ESET NOD32              Win32/InstallMonetizer.BC potentially unwanted application  7.0.302.0
F-Secure                Riskware.Gen:Application.Heur.2v1@k47rJmmO                  5.13.68
McAfee                  Artemis!EB49E811BE32                                        5600.6919
NANO AntiVirus          Trojan.Win32.Generic.dgruvd                                 0.28.6.63850
Reason Heuristics       PUP.SecureDownload.?                                        14.12.12.6
Rising Antivirus        NS:PUF.SilenceInstaller!1.9DDF                              23.00.65.141210
Trend Micro House Call  Suspici.B8842451                                            7.2.346

File size:
497.6 KB (509,512 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\real_desktop_pool_game_click_to_safe_install__________________mg_9933_gc.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/4/2014 7:00:00 PM

Valid to:
3/5/2015 6:59:59 PM

Subject:
CN=Secure Download, O=Secure Download, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A163CF1968E65B367055E666115E2F14

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:gfPFGpRhfyXp5UkallMCBiw5V8p8HbJd5AgARxybJd5A8Z:APFGpRhfyvUkalWCxrHbJd5AgADybJdF

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8917

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)