watchtorrents setup.exe

WatchTorrents Player

Koox Group

The application watchtorrents setup.exe by Koox Group has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from download.kooxsoftware.com.
Publisher:
Koox Group  (signed and verified)

Product:
WatchTorrents Player

Version:
0.9.0

MD5:
98a7bb65c47ebbdc4d8c6ed8d0e5cd10

SHA-1:
b7449940cd1360299c2f3b7f1dafd6a5f3f0a915

SHA-256:
c73c466be3421b5643cedf6cbf5fe795c781600635e1553768235c0408f1f4e0

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 8:34:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.Cloda85.Trojan | 1.3.0.4923 |
| Dr.Web | Adware.Toolbar.175 | 9.0.1.0235 |
| ESET NOD32 | Win32/Toolbar.Babylon | 8.9385 |
| McAfee | Artemis!98A7BB65C47E | 5600.7030 |
| NANO AntiVirus | Riskware.Win32.Babylon.craswq | 0.28.0.57630 |
| Rising Antivirus | PE:Trojan.Win32.Generic.157D6CA3!360541347 | 23.00.65.14821 |

File size:
26.7 MB (28,016,552 bytes)

Product version:
0.9.0

Copyright:
Koox Group LLC

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\watchtorrents setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/20/2013 8:00:00 AM

Valid to:
2/21/2014 7:59:59 AM

Subject:
CN=Koox Group, O=Koox Group, STREET=admirala lazareva 52, STREET=moscow, L=moscow, S=moscow, PostalCode=117042, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
543075839EE9087B6CEAF7E447CFD4D6

File PE Metadata
Compilation timestamp:
1/30/2013 10:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:3d0cSaolc+k8XGl/K7ZRUe/jn5ngkrs8/WT:5S/lc+k8i/K7ZRxn5nRrsDT

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
7.9997

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file watchtorrents setup.exe has been seen being distributed by the following URL.
