roboformsetup_ff.exe

NCIS Technologies Ltd.

The application roboformsetup_ff.exe by NCIS Technologies has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.

Publisher:
NCIS Technologies Ltd.  (signed and verified)

MD5:
d3c6d7dc33f58838d70b620f9b204142

SHA-1:
b4f8cce783401fd821b929ad71a0d4181f2e94d4

SHA-256:
c6a2e03e5eccbbc9f7b5b54956588c1e876bdb24085ea57fbb0b1e6ef24269df

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 10:19:09 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Adware.MarketScore | 7.1.1
Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.68.48
avast! | NSIS:Adware-IK [PUP] | 2014.9-141230
AVG | RelevantKnowledge | 2015.0.3245
Bitdefender | Adware.Relevant.BH | 1.0.20.1820
Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 15770
Dr.Web | Adware.Relevant.81 | 9.0.1.0364
Emsisoft Anti-Malware | Adware.Relevant.BH | 8.14.12.30.11
ESET NOD32 | Win32/Adware.MarketScore | 8.8180
Fortinet FortiGate | Adware/Marketscore | 12/30/2014
F-Secure | Adware.Relevant.BH | 11.2014-30-12_3
G Data | Adware.Relevant.BH | 14.12.22
nProtect | Adware.Relevant.BH | 13.03.31.01
Trend Micro House Call | TROJ_GEN.F47V0314 | 7.2.364
VIPRE Antivirus | InfoAtoms | 16442

File size:
753.8 KB (771,920 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\roboformsetup_ff.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/17/2012 7:00:00 PM

Valid to:
12/18/2013 6:59:59 PM

Subject:
CN=NCIS Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCIS Technologies Ltd., L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
585C0AB9FDA6AAF250B85A01CC89A67D

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QFZT5dayO0E6F9MClSn1IloQC0eFrggMlwcdr0zABJ3XaxBKKdRy0Yg:QFZT5gzgblwnGnQNObdzBdXaxod0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9626

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
