subadvtwo.exe

Rational Thought Solutions

The software will display additional offers (such as adware) during installation, including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application subadvtwo.exe by Rational Thought Solutions has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
Rational Thought Solutions  (signed and verified)

MD5:
ce6d0ef2f3e997361221fecdb9f717d3

SHA-1:
fa98f670d45c31bf8f54417657f096f8a37d8608

SHA-256:
85777dcf1d45638b2dfea3e759c1641982714feb9d0c0019ffd0329e84e7e54f

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 1:17:31 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.PullUpdate | 7.1.1
AhnLab V3 Security | PUP/Win32.OpenCandy | 2015.11.12
Avira AntiVirus | ADWARE/Adware.Gen7 | 8.3.2.2
Arcabit | PUP.Adware.PullUpdate | 1.0.0.593
AVG | Generic_r | 2016.0.2913
Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.151126
Clam AntiVirus | Win.Adware.Pullupdate-118 | 0.98/21511
Comodo Security | ApplicUnwnt | 23575
Dr.Web | Adware.Yontoo.68 | 9.0.1.0330
ESET NOD32 | MSIL/Adware.PullUpdate | 9.12554
Fortinet FortiGate | Adware/PullUpdate | 11/26/2015
F-Prot | W32/PullUpdate.B.gen | v6.4.7.1.166
G Data | Win32.Application.Agent.ENHDYK | 15.11.25
K7 AntiVirus | Adware | 13.212.17825
Kaspersky | not-a-virus:AdWare.MSIL.PullUpdate | 14.0.0.1061
Malwarebytes | PUP.Optional.HealthAlert | v2015.11.26.07
McAfee | Artemis!CE6D0EF2F3E9 | 5600.6569
NANO AntiVirus | Riskware.Win32.Yontoo.dvtops | 0.30.26.4437
Panda Antivirus | PUP/PullUpdate | 15.11.26.07
Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1077
Quick Heal | PUA.MSJDGBTIR.OD6 | 11.15.14.00
Reason Heuristics | PUP.Injekt.RationalThoughtSolutions.Installer (M) | 15.11.26.19
Rising Antivirus | PE:Adware.PullUpdate!6.258A [F] | 23.00.65.151124
Sophos | Generic PUA CJ (PUA) | 4.98
VIPRE Antivirus | Injekt | 45174

File size:
4.5 MB (4,732,224 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\subadvtwo.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/23/2015 4:00:00 PM

Valid to:
4/24/2016 4:59:59 PM

Subject:
CN=Rational Thought Solutions, O=Rational Thought Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
00B81C1C4DB6AD87B9B581116F115E4C

File PE Metadata
Compilation timestamp:
6/6/2009 2:41:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:QOTlgel6HGpHoQfubvhy2SjZH4KwHkOgc+G4ndjo0Ckg4qH1DDQWel6NN:xlgypHozy2EZH4DHkOgcANoW1qH1oWRN

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9863

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Remove subadvtwo.exe - Powered by Reason Core Security