whirlpool awg 458wp user guide provided through pdfretriever.com.exe

SuperInstall

LiveSoftAction

The program uses the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application whirlpool awg 458wp user guide provided through pdfretriever.com.exe by LiveSoftAction has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup application that uses the SIEN SuperInstall installer. The file has been seen downloaded from stapi.maxrevinstaller.com.
Publisher:
Live Soft Action S.R.L.  (signed by LiveSoftAction)

Product:
SuperInstall

Version:
8.48.2.2

MD5:
63f69c54df553becd02636df7380b3e3

SHA-1:
a5ee161fa5e653d9efd271e089db721e3831dc5c

SHA-256:
a5d39be98099b8c76553ce448cc03cacbc289fa52439a9f8c0bfd86332372296

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer that uses the Appscion Download and Install manager to bundle adware.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 10:01:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sien (M)

Engine version:
17.3.12.18

File size:
693.8 KB (710,464 bytes)

Product version:
8.48.2.2

Copyright:
(c) Live Soft Action S.R.L. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\whirlpool awg 458wp user guide provided through pdfretriever.com.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/12/2013 9:00:00 PM

Valid to:
12/13/2014 8:59:59 PM

Subject:
CN=LiveSoftAction, O=LiveSoftAction, STREET="Str. Dionisie Lupu, Nr. 64-66, Et.", L=Bucharest, S=Bucharest, PostalCode=010458, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2CAFD284C3B4147AD3E7601989FCCF42

File PE Metadata
Compilation timestamp:
11/25/2014 10:21:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x1A4C30

Entry point:
60, BE, 00, 00, 51, 00, 8D, BE, 00, 10, EF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
596 KB (610,304 bytes)

The file whirlpool awg 458wp user guide provided through pdfretriever.com.exe has been seen distributed from the following URL.

http://stapi.maxrevinstaller.com/api/.../setup.exe