TSULoader.exe
Yakov Cohen
This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions that inject ads into the browser. The application TSULoader.exe, “Installer for StarApp” by Yakov Cohen, has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The file has been seen being downloaded from takeitplease.asia. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
StarApp (signed by Yakov Cohen)
Description:
Installer for StarApp
MD5:
3b3c351c9193280bbec993a8d2604551
SHA-1:
bc91e1dd6e8b895691bcd4baff1d26a156ae6732
SHA-256:
77714962d8eeea63dd9a7f8e59a425478ed6012cff58c209074993638168a79d
Scanner detections:
2 / 68
Explanation:
Uses Web-Pick's 'File Product', an installer that wraps various products and silently downloads and installs them during the process, hosted on TusFiles.
Analysis date:
3/28/2024 9:24:02 AM UTC
Scan engine | Detection | Engine version
Boost by Reason | Adware.Installer.YakovCohen.J | 2013.8.2.3
Reason Heuristics | Adware.WebPick.Installer.J | 14.8.7.18
File size:
293.2 KB (300,200 bytes)
Copyright:
Copyright © 2012 StarApp
Original file name:
TSULoader.exe
File type:
Executable application (Win32 EXE)
Installer:
WebPick InstalleRex (Tarma)
Language:
Language Neutral
Common path:
C:\users\{user}\downloads\tsuloader.exe
Authority:
COMODO CA Limited
Valid from:
8/1/2012 8:00:00 PM
Valid to:
8/2/2013 7:59:59 PM
Subject:
CN=Yakov Cohen, O=Yakov Cohen, STREET=Rodenski 10, L=Tel Aviv, S=Israel, PostalCode=69360, C=IL
Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number:
009AF809F48BC879375BE578151D15C51C
Compilation timestamp:
3/12/2013 4:51:45 AM
Code size:
7.5 KB (7,680 bytes)
The file TSULoader.exe has been seen being distributed by the following URL.
The executing file has been seen to make the following network communication in live environments.