setup_1017.exe

HighliteApp

Game Honey, LLC

The application setup_1017.exe, “HighliteApp application” by Game Honey, has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It will plug into the web browser and collect information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisements, and connect to a remote server to report back such behaviors.
Publisher:
HighliteApp Company  (signed by Game Honey, LLC)

Product:
HighliteApp

Description:
HighliteApp application

Version:
1.0.0.1

MD5:
3f328409ab0232fe86bf88a99564d5ac

SHA-1:
c1301edcee0d203c50051265e6485313cefd7a49

SHA-256:
bd6382f1eab8c54124f121aad05a2ebe66a89b92810a683bd56721393c870f3d

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/25/2024 1:25:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur.JP.euW@aO3ufBni | 1011 |
| Agnitum Outpost | TrojanSpy.Agent | 7.1.1 |
| Avira AntiVirus | TR/Spy.235816 | 7.11.142.180 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140429 |
| Bitdefender | Gen:Trojan.Heur.JP.euW@aO3ufBni | 1.0.20.595 |
| Comodo Security | UnclassifiedMalware | 18084 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.JP.euW@aO3ufBni | 8.14.04.29.03 |
| F-Secure | Gen:Trojan.Heur.JP.euW@aO3ufBni | 11.2014-29-04_3 |
| G Data | Gen:Trojan.Heur.JP.euW@aO3ufBni | 14.4.24 |
| IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.6.1.0 |
| McAfee | Artemis!3F328409AB02 | 5600.7145 |
| MicroWorld eScan | Gen:Trojan.Heur.JP.euW@aO3ufBni | 15.0.0.357 |
| Norman | Suspicious_Gen5.ALYNB | 11.20140429 |
| Qihoo 360 Security | Win32/Trojan.Spy.a49 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.GameHoney.K | 14.5.10.12 |
| Trend Micro House Call | TROJ_GEN.F47V0214 | 7.2.119 |
| Trend Micro | TROJ_GE.4D413E89 | 10.465.29 |
| VIPRE Antivirus | Adware.Adpopup | 28194 |

File size:
230.3 KB (235,816 bytes)

Product version:
1.0.0.1

Copyright:
Author HA © 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\updateserv\setup_1017.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/12/2013 2:00:00 AM

Valid to:
12/13/2014 1:59:59 AM

Subject:
CN="Game Honey, LLC", O="Game Honey, LLC", STREET="12526 High Bluff Drive, Suite 300", L=San Diego, S=CA, PostalCode=92130, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C57927EBB6998E42069BCD6044F1CE11

File PE Metadata
Compilation timestamp:
7/14/2013 11:09:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:N+K0/eU4IdB0VTvCv+lZxGECSzc4tGeVeMVE:M2U4iT0nGElg4t3oZ

Entry address:
0x30DC

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 78, 3F, 42, 00, E8, 73, 2D, 00, 00, A3, C4, 3E, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 80, F4, 41, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, 36, 42, 00, E8, 1D, 2A, 00, 00, FF, 15, 1C, 71, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 0B, 2A...
 

Entropy:
7.8961

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
