Steinberg_Cubase_5.1_-_Advanced_Music_Production_System.exe

Unitech LLC

The application Steinberg_Cubase_5.1_-_Advanced_Music_Production_System.exe by Unitech has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from ividi.org and multiple other hosts.
Publisher:
Unitech LLC  (signed and verified)

MD5:
c97a0355fef3f551290f97f110c7de8e

SHA-1:
b91a40b6fbeed589230d9ed5d6b1c808bfddf646

SHA-256:
d8c094a9a582333db7023bb5a74289528d665efc072963b12c23ad1020619407

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 3:59:12 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | NSIS:Adware-LK [PUP] | 2014.9-140413 |
| AVG | MalSign.Skodna.Bundle.3d5 | 2015.0.3505 |
| Bkav FE | W32.Clod933.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Win.Adware.Delbar | 0.98/18155 |
| Comodo Security | Application.Win32.Babylon.TK | 17518 |
| Dr.Web | Adware.Downware.1540 | 9.0.1.0103 |
| ESET NOD32 | Win32/Toolbar.Montiera | 8.9190 |
| Fortinet FortiGate | Adware/DelBar | 4/13/2014 |
| K7 AntiVirus | Unwanted-Program | 13.174.10656 |
| Kaspersky | not-a-virus:AdWare.Win32.DelBar | 14.0.0.4020 |
| Malwarebytes | Adware.Montiera | v2014.04.13.11 |
| McAfee | Artemis!C97A0355FEF3 | 5600.7161 |
| Reason Heuristics | PUP.Unitech.w | 14.4.13.23 |
| Rising Antivirus | NSIS:PUF.HiddenInstaller!1.9C64 | 23.00.65.14411 |
| Sophos | Generic PUA LJ | 4.96 |
| Trend Micro House Call | TROJ_SPNR.08LB13 | 7.2.103 |
| Trend Micro | TROJ_SPNR.08LB13 | 10.465.13 |
| Vba32 AntiVirus | AdWare.DelBar | 3.12.24.3 |
| VIPRE Antivirus | Ividi | 24880 |

File size:
5.9 MB (6,212,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\steinberg_cubase_5.1_-_advanced_music_production_system.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/12/2013 8:00:00 PM

Valid to:
6/12/2016 7:59:59 PM

Subject:
CN=Unitech LLC, O=Unitech LLC, STREET="Kashirskoe sh. 9, bld. 1", STREET="premises IV, room 1", L=Moscow, S=Moscow area, PostalCode=115230, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008422F9D83C113BC0C58A45C1B790465B

File PE Metadata
Compilation timestamp:
2/24/2012 2:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:YzLl+56Natnm6k7g4QTgDvasvzqEKn7QSNak6VyhDLYnWO2XJ4tpx69BN1ps1tcU:KgFtP4/DvRvOEKsniMn92Xitpx6DNGcU

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9922

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file Steinberg_Cubase_5.1_-_Advanced_Music_Production_System.exe has been seen being distributed by the following 2 URLs.

http://ividi.org/.../download?aff=3&lpt=3&fln=Lil_Wayne_-_I_Am_Not_A_Human_Being_2_(Deluxe_Edition)_[mindcrash