home

remotedroidserver.exe

Des

PlatformPrompt (Alpha Criteria Ltd.)

The application remotedroidserver.exe, “Des Setup ” by PlatformPrompt (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftchuckleflash.com.
Publisher:
Dogosifuso   (signed by PlatformPrompt (Alpha Criteria Ltd.))

Product:
Des

Description:
Des Setup

Version:
2.6.5.0

MD5:
37e954a08d1273234b2668371aa05a71

SHA-1:
76693b9e8effa1721783c959c1f4800f4e3338b6

SHA-256:
ca740946b5b6544fc18ba5aa4114d7716d7b392585a12446968e1f228e1a1ec0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/1/2024 6:06:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.11.3

File size:
952 KB (974,848 bytes)

Product version:
3.4.8

Copyright:
Stub Web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Digital Signature
Signed by:
PlatformPrompt (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 12:17:26 PM

Valid to:
9/2/2016 11:02:46 AM

Subject:
CN=PlatformPrompt (Alpha Criteria Ltd.), O=PlatformPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111817CD313A533F2A76178D4452F81A6

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:q7vDPwUFhDqNzcU16jVXw4VXNLnMXugux2TrhbIC:qjzwUFJqpKpVxnMXvq2TdbIC

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file remotedroidserver.exe has been seen being distributed by the following URL.

http://www.giftchuckleflash.com/xokVI9h1unLHQ7kpHJpIsileDgZqTHJzkUik17b_GDIALQ_tqq8GfZ2J1WOW3EgztOxgW9ShOoNqLW3TsYApt4K4mmR3c0OFLx2Uc ndIBFD_tFC1EyqSc5nKb8FDD B9IkSX7CoxoC4o4SSmeXdDVAnWFUvLTGGPMwvHoErB FCXqvkeO_2gbXXaUVJjhtVuMZoXrAkvGIIyPD8M7pcSVLMIR57Q==-G1gAAGRgnq0t2kk84gDCBhy4RBRoILrQjWXbx3rf5yXQF2zGccr7ohGH0FoM017k69Tk9Cf4NrO07UKi_0nLP1dXO4dsU_szf8evDxQCglMwTWIEhQE=

Remove remotedroidserver.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.