» spybot-free.exe
Overview
Analysis
File Details
Downloads (146)

spybot-free.exe

Ultra Setup Manager

QUALITY SCORE SL

The application spybot-free.exe by QUALITY SCORE SL has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from offersrepo.com and multiple other hosts.

File name:

spybot-free.exe

Publisher:

QUALITY SCORE SL (signed and verified)

Product:

Ultra Setup Manager

Version:

3.3.16.625

MD5:

5c3098314bcca340ef705fb2d4f6b8c9

SHA-1:

409eb76c790fe6c3c77dc3068316201f83b63cee

SHA-256:

53512d92055b3c6efb0f2595dfc93c95349a5841da01f9511852d72ceb147084

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

5/6/2024 2:57:32 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.QUALITYSCORE

15.2.1.11

Trend Micro House Call

Suspicious_GEN.F47V0130

7.2.32

VIPRE Antivirus

Iminent

37158

File size:

148.9 KB (152,504 bytes)

Product version:

3.3.16.625

Original file name:

i3KC.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\spybot-free.exe

Digital Signature

Signed by:

QUALITY SCORE SL

Authority:

COMODO CA Limited

Valid from:

1/20/2015 1:00:00 AM

Valid to:

1/21/2016 12:59:59 AM

Subject:

CN=QUALITY SCORE SL, O=QUALITY SCORE SL, STREET=CALLE SERRANO 213, L=MADRID, S=MADRID, PostalCode=28016, C=ES

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AFDAFBF8A640E5E34B76A9CAFF494517

File PE Metadata

Compilation timestamp:

1/30/2015 2:45:08 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:LhWj/Br0RFKbjobzukXAfYivmFA+ULJTAAwqqcbzd:KeKbkbzsLK9Tct

Entry address:

0x1FD0A

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

119.5 KB (122,368 bytes)

The file spybot-free.exe has been seen being distributed by the following 50 URLs.

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=imvu-free.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=fr-viber.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=vuze-free.exe

http://offersrepo.com/downloads.php?__tc=1426595612852&signature=qualityscorei3&downloadName=google-chrome.exe

http://offersrepo.com/download.php?__tc=1426133125064&downloadName=winrar.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=ytd-video-downloader.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=teamspeak.exe

http://offersrepo.com/downloads2.php?signature=qualityscorei3&downloadName=daemon-tools.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=norton-removal-tool.exe

http://offersrepo.com/downloads.php?__tc=1426038742750&signature=qualityscorei3&downloadName=navegador-gratis.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=paint-tool-sai.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=autocad-en.exe

http://offersrepo.com/downloads.php?__tc=1426558378787&signature=qualityscorei3&downloadName=google-chrome.exe

http://offersrepo.com/download.php?__tc=1425633860287&downloadName=minecraft.exe

http://offersrepo.com/downloads.php?signature=qualityscorei3&downloadName=sw-empire-at-war.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=terraria.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=minecraft-forge.exe

http://offersrepo.com/download.php?__tc=1426349103980&downloadName=avast-2014-free.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=htc-sync.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=steam.exe

http://general-changelog-team.fr/fr/downloads/finish/.../2-adwcleaner

http://offersrepo.com/downloads.php?signature=qualityscorei3&downloadName=cacaoweb-free.exe

http://offersrepo.com/downloads.php?signature=qualityscorei3&downloadName=minecraft.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=dofus-free.exe

http://offersrepo.com/downloads.php?signature=qualityscorei3&downloadName=apache-open-office-4-0-1.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=bluestacks-app-player.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=firefox-2-3.exe

http://offersrepo.com/download.php?__tc=1424212784215&downloadName=adobe-flash-player.exe

http://offersrepo.com/downloads.php?__tc=1426101916756&signature=qualityscorei3&downloadName=mail-checker.exe

http://offersrepo.com/download.php?signature=qualityscorei3&downloadName=google-chrome-29.exe

Latest 30 of 146 download URLs

Remove spybot-free.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.