home

spongebob-pizza-toss.exe

Duck Play, LLC.

The application spongebob-pizza-toss.exe by Duck Play has been detected as adware by 13 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Duck Play, LLC.  (signed and verified)

MD5:
83122f09ab34290cb44277d70a9e4421

SHA-1:
0a8dfbd520df7c5296ac567ae1c56da47d2b0cb5

SHA-256:
0e073ed25a7eea9fe7bc00f37cac75f8a90c558c48ad20bee3dfcf1bdf3c9f4c

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 3:11:22 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

AhnLab V3 Security
Adware/Win32.InstallCore
2015.03.10

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.215.190

avast!
Win32:PUP-gen [PUP]
2014.9-150318

AVG
DuckPla
2016.0.3167

Dr.Web
Adware.InstallCore.40
9.0.1.077

ESET NOD32
Win32/InstallCore.AL potentially unwanted application
9.7.0.302.0

K7 AntiVirus
Trojan
13.200.15211

Reason Heuristics
PUP.DuckPlay.U
14.12.11.23

Sophos
PUA 'Install Core Installer'
5.12

Trend Micro House Call
HV_INSTALLCORE_BK0829B4.TOMC
7.2.77

Vba32 AntiVirus
Signed-Adware.InstallCore
3.12.26.3

VIPRE Antivirus
Threat.4150696
38050

File size:
1 MB (1,050,976 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\spongebob-pizza-toss.exe

Digital Signature
Signed by:
Duck Play, LLC.

Authority:
VeriSign, Inc.

Valid from:
12/14/2011 7:00:00 PM

Valid to:
12/14/2012 6:59:59 PM

Subject:
CN="Duck Play, LLC.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Duck Play, LLC.", L=Plantation, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4367F454AABEB75C26BC4C25B8D263BA

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:KJqHsAKk2qRSx0Y44Nl/2SprHDbGYPqLHCk:KZAIqk/2CPbtPH

Entry address:
0xC1F20

Entry point:
55, 8B, EC, 83, C4, F0, B8, B8, A4, 41, 00, E8, 34, E6, FF, FF, 3D, 49, 30, 47, 00, 00, 74, 0A, 68, C4, 35, 47, 00, E8, 20, F2, FF, FF, 83, C3, 07, 83, E3, FC, 83, FB, 0C, 7D, 05, BB, 0C, 00, 00, 00, 81, FB, 00, 10, 00, 00, 0F, 8F, 93, 00, 00, 00, 8B, C3, 85, C0, 79, 03, 83, C0, 03, C1, F8, 02, 8B, 15, 1C, 36, 47, 00, 8B, 54, 82, F4, 85, D2, 74, 79, 8B, F2, 8B, C6, 03, C3, 83, 20, FE, 8B, 42, 04, 3B, D0, 75, 1A, 8B, C3, 85, C0, 79, 03, 83, C0, 03, C1, F8, 02, 8B, 0D, 1C, 36, 47, 00, 33, FF, 89, 7C, 81, F4...
 
[+]

Entropy:
6.9187

Developed / compiled with:
Microsoft Visual C++

Code size:
786.5 KB (805,376 bytes)

Remove spongebob-pizza-toss.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.